The University of Neuchâtel was hit by a cyberattack.
Apple's AirTags, its cheap and cheerful trackers, have proven increasingly dangerous. Unfortunately, there's no easy way of making them safer.
FTX's Sam Bankman-Fried and Chain.com CEO Deepak Thapliyal made significant donations to the humanitarian effort.
A Chinese security firm released a detailed report about what it says is malware created by Equation Group, a hacking group widely believed to be the NSA.
Google will no longer allow Russian state media outlets to run ads, following a similar decision on Saturday by the tech giant's video subsidiary, YouTube.
A tracker to collate cyber groups engaged in cyber activities during the Russia-Ukraine war 2022.
STORMOUS ransomware attacks US, European and Ukrainian targets. Signs of a group taking sides at the front
NetBlocks metrics confirm the restriction of Twitter in Russia from the morning of Saturday 26 February 2022. Facebook servers have subsequently been restricted as of Sunday. The restrictions are in ...
The larger of the two disinformation groups operated in Russia, as well as the Russian-dominated Donbas and Crimea regions of Ukraine.
A data wiper cyberattack struck a Ukraine border crossing Saturday as refugees waited in long lines to escape Russian aggression.
The group has claimed credit for hacking the Russian Ministry of Defence database, and is believed to have hacked multiple state TV channels to show pro-Ukraine content
Nvidia told the Telegraph on Friday that it was investigating a security incident, which the Telegraph believes involved Nvidia's internal systems being "completely compromised." Official sources haven't...
As Ukraine continues to make efforts to mobilize and equip ordinary citizens on the ground to resist Russia’s unprovoked invasion of the country, those who are outside Ukraine who want to help are being asked to get involved in the fight in the virtual world. While the G7 (today with the addition of Japan) mobilize […]
Hackers are coming to Ukraine’s aid in an effort to target Russian government websites and officials with disruptive counterattacks, according to six people involved in the activity.
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
Experts expressed concerns about the influx of non-government cyber groups taking sides in the Russian invasion of Ukraine.
This special news bulletin offers an analysis of the 10 most critical vulnerabilities handled by ANSSI during 2021.
Exclusive: Parts of its business are 'completely compromised' at time of Russian cyberwarfare against Ukraine
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
It was detected by the cybersecurity agencies of the United States and the United Kingdom: although it is not yet clear what it has been used for, the recent attacks in Ukraine are pushing experts to remain vigilant
The TrickBot malware operation has shut down after its core developers moved to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.
In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia's military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation's Director of Special Investigations Michael Weiss, detail the...
Destructive malware deployed against targets in Ukraine and other countries in the region in the hours prior to invasion.
The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project.
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.
Two cybersecurity firms with a strong business presence in Ukraine—ESET and Broadcom’s Symantec—have reported tonight that computer networks in the country have been hit with a new data-wiping attack.
The attack is taking place as Russian military troops have crossed the border and invaded Ukraine’s territory in what Russian President Putin has described as a “peacekeeping” mission.
Bvp47 - a Top-tier Backdoor of US NSA Equation Group
We built an AirTag clone capable of silently and continuously tracking someone. The device accomplishes this by sending just one beacon per generated public key, thereby staying invisible to tracking notifications for iOS users and Apple’s Tracker Detect Android app.
A former CIA officer discusses the risks and benefits of the US strategy of disclosing raw intelligence to put pressure on Russia
Operation Cache Panda went after software used by majority of industry players
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
It's not just one spyware app exposing people's phone data, but an entire fleet of Android spyware apps that share the same security vulnerability.
The White House rapidly gathered evidence and blamed Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is an increasingly crucial tool in the American arsenal.
Michael Montoya, Chief Information Security Officer at Equinix, revealed the behind-the-scenes of the crisis management that followed the discovery of the NetWalker ransomware attack in September 2020.
The National Council's Control Committee believes that data could end up in the hands of third parties if units of the company are sold.
Discovered in the Snap package manager for Linux systems developed by Canonical, a flaw exposes users to privilege escalation. A risk that can lead all the way to root access.
We recently audited snap-confine (a SUID-root program that is installed by default on Ubuntu) and discovered two vulnerabilities (two Local Privilege Escalations, from any user to root): CVE-2021-44730 and CVE-2021-44731.
What do we know about sLoad, and why is it so elusive?
ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices
The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.
Using machine learning, separate teams of computer scientists identified the same two men as likely authors of messages that fueled the viral movement.
Vodafone Portugal, one of the country’s leading telecommunications companies, said Tuesday it had been hacked though no confidential customer data was compromised
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
The institution fell victim on Thursday evening to what appears to be ransomware. Its IT services are working flat out to restore its systems before classes resume on Monday
Control of the internet is increasingly part of any modern conflict.
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.
For almost two decades, hackers with Snake have been forcing their way into government networks. They are considered one of the most dangerous hacker groups in the world. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR have discovered some clues, and they all lead to the Russian secret service FSB.
Passware, a company specializing in brute-force unlocking solutions for Macs and PCs, has managed to "crack" the T2 chip. But beware: the process takes anywhere from 10 hours to… several thousand years, depending on the password and its length. It remains possible, however, thanks to a vulnerability exploited by the company, whose customers are mainly law enforcement agencies but also businesses.
Twitter is changing its 2FA service provider after allegations emerged that it sold access to its networks to surveillance companies.
The Red Cross said the attack began on November 9 and involved an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus.
The International Committee of the Red Cross has just confirmed that the cyberattack it suffered in January began with the exploitation of a critical vulnerability affecting a Zoho ManageEngine server, for which the patch had not been applied.
In the United States, a pharmaceutical group hit by NotPetya won at first instance against several of its (re)insurers. A look back at the case.
Marsh analysis, insights, and ideas, regarding new cyber insurance policy exclusion language related to war, cyber war, cyber operations, and catastrophic risk.
Merck & Co.'s victory in a legal dispute with insurers over coverage for $1.4 billion in losses from malware known as NotPetya is expected to force insurance policies to more clearly confront responsibility for the fallout from nation-state cyberattacks.
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.
As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations.
"This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
Meta will pay $90 million to settle litigation over Facebook's use of cookies to track users’ internet use even after they had logged off.
DDoS attacks temporarily take out sites as Ukraine stares down Russian soldiers at its border.
Nearly a month has passed since we determined that servers hosting personal data belonging to more than 515,000 people worldwide were hacked in a sophisticated cyber-attack. We are now in a position to share some findings of our analysis of this data breach.
The Security Policy Committee of the National Council proposes amending the law so that the Confederation can create, in collaboration with the cantons, universities, research institutions and Swiss companies, an independent digital infrastructure. It also considers that standards for security management need to be defined. The committee has approved a parliamentary initiative to this effect.
A man in his thirties believes that the login log of his school's course-materials platform was used against him abusively.
What geopolitical standoff could this possibly be linked to?
A researcher has sent one of Apple's AirTags to a mysterious "federal authority" in Germany to locate its true offices — and to help prove that it's really part of an intelligence agency.
A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.
CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.
Apple's Airtags are an ingenious technology: they fuse every iOS device into a sensor grid that logs the location of each tag, using clever cryptography to prevent anyone but the tag's owner from pulling that information out of the system.
But there are significant problems with Airtags' privacy model. Some of these are unique to Apple, others are shared by all Bluetooth location systems, including Covid exposure-notification apps and Airtag rivals like Tile.
The revelations made about the Pegasus spyware raised very serious questions about the possible impact of modern spyware tools on fundamental rights, and particularly on the rights to privacy and data protection. This paper aims to contribute to the ongoing assessment in the EU and globally of the ...
Over the last few hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.
Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.
Twitter Inc. told a U.S. senator it is cutting ties with a European technology company that helped it send sensitive passcodes to its users via text message. The social media firm said in a disclosure to U.S. Senator Ron Wyden, a Democrat from Oregon, that it is “transitioning” its service away from working with Mitto AG, according to a Wyden aide.
Two-factor authentication makes it possible to secure one's online accounts and the personal data attached to them. However, the Swiss company Mitto AG, which supplies the biggest names in tech such as Twitter, Google, WhatsApp and Telegram, also uses it for its cyber-surveillance activities…
In addition to Swisscom, nearly a dozen Swiss companies, including Mitto, are affected by the attack against the company iBasis, "Le Temps" reveals. Swiss numbers are on the darknet. This hack also sheds light on the financial exchanges surrounding roaming
Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems.
Proofpoint researchers have detected TA2541, a persistent threat actor that has for years been targeting the aviation, industrial
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting Windows EFS.
Intel471 released a report[1] on a loader system being leveraged for distribution of various crimeware malware families: The report mentioned an administrator panel located on the main command and…
A full technical breakdown of a prolific pay-per-install service.
Apple awarded a $100,500 bug bounty to the researcher who discovered the latest major vulnerability in its browser.
$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975
Analyzing OSX.DazzleSpy
A fully-featured cyber-espionage macOS implant
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.
The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
A worrying, very stealthy, multi-platform Trojan has just been spotted. Named SysJoker and brought to light by the security firm Intezer, it can target Windows, Linux and macOS alike. Worse still, it had been flying under the antivirus radar for some time. The Linux and macOS versions were until now not detected at all by sites
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux that we have named SysJoker.
Earlier today (January 11th), researchers at Intezer published a report titled "New SysJoker Backdoor Targets Windows, Linux, and macOS."
In this report, they detailed a new cross-platform backdoor they named SysJoker. Though initially discovered on Linux, the Intezer researchers shortly thereafter also found both Windows and Mac versions:
"SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions." -Intezer
An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites and Google ads to infect systems.
Evidence of the new campaign was first seen around early November 2021. The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine.
A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
A series of reports into how the Israeli police spied on their own citizens has finally grabbed everyone’s attention – and nowhere more so than among Benjamin Netanyahu’s loyal followers
The US company iBasis suffered a computer attack in recent days. It could be used as a carrier for data belonging to Swiss operators.
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin ...
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
The US company iBasis, which works with hundreds of telecom operators worldwide, has had part of its data stolen and published. Swiss operators are affected, "Le Temps" reveals
Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.
A vast location-tracking network is being built around us so we don’t lose our keys: One couple’s adventures in the consumer tech surveillance state.
Free Maze / Sekhmet / Egregor ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
Hello, it's the developer. It was decided to release keys to the public for the Egregor, Maze, Sekhmet ransomware families.
Also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not Expiro actually, but AV engines detect it like this, so no single thing in common with...
A decryptor has been released for the Maze, Sekhmet, and Egregor ransomware after someone published the master decryption keys in a BleepingComputer forum post.
Reputation firms like Eliminalia use legal threats and copyright notices to have material taken down around the world.
Many people use the same weak passwords over and over again. Discover the 200 most used passwords in the world in 2021.
This article contains lists of the most common passwords, according to various sources.
This is a list of the most common passwords, discovered in various data breaches. Common passwords are generally not recommended on account of low password strength.
I'm running macOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…
Google Analytics is a feature that can be integrated by website operators such as online shops in order to measure visitor traffic. In this context, a unique identifier is assigned to each visitor. This identifier (which constitutes personal data) and the data associated with it are transferred by Google to the United States.
Changing Default Behavior
We’re introducing a default change for five Office apps that run macros:
VBA macros obtained from the internet will now be blocked by default.
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Apple has released iOS 15.3.1 to fix the WebKit vulnerability CVE-2022-22620, which is reportedly being actively exploited by cybercriminals.
"Released yesterday, macOS 12.2.1 fixes a security issue in WebKit, Safari's engine, which could have allowed a malicious actor to execute arbitrary code simply by getting the user to visit a malicious web page (CVE-2022-22620). If your Mac is not compatible with macOS Monterey, a standalone Safari update is available."
"This document describes the security content of macOS Monterey 12.2.1."
"Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year."