
Weekly Shaarli

All of a week's links on one page.

Week 16 (April 17, 2023)

PSA: upgrade your LUKS key derivation function

Here's an article from a French anarchist describing how his (encrypted) laptop was seized after he was arrested, and material from the encrypted partition has since been entered as evidence against him. His encryption password was supposedly greater than 20 characters and included a mixture of cases, numbers, and punctuation, so in the absence of any sort of opsec failures this implies that even relatively complex passwords can now be brute forced, and we should be transitioning to even more secure passphrases.

Or does it? Let's go into what LUKS is doing in the first place. The actual data is typically encrypted with AES, an extremely popular and well-tested encryption algorithm. AES has no known major weaknesses and is not considered to be practically brute-forceable - at least, assuming you have a random key. Unfortunately it's not really practical to ask a user to type in 128 bits of binary every time they want to unlock their drive, so another approach has to be taken.
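As an added example, not code from the linked article or from cryptsetup: a small POSIX shell check that reads `cryptsetup luksDump` output, reports keyslots whose passphrase is still stretched with PBKDF2 (or a LUKS1 header, which only supports PBKDF2), and prints the `cryptsetup` command that re-derives the slot with Argon2id. The three sample dumps are constructed and trimmed to the fields the check reads; `<device>` in the printed commands is a placeholder for the real block device.

```shell
#!/bin/sh
# Added example: flag LUKS keyslots whose KDF is still PBKDF2.
# Real usage:  cryptsetup luksDump /dev/sda3 | luks_kdf_check
# Exit status: 0 if every keyslot uses argon2i/argon2id, 1 otherwise.
luks_kdf_check() {
    lkc_dump=$(cat)
    lkc_version=$(printf '%s\n' "$lkc_dump" |
        awk -F: '/^Version:/ { gsub(/[ \t]/, "", $2); print $2; exit }')
    if [ "$lkc_version" = "1" ]; then
        # LUKS1 headers only support PBKDF2; convert the header first.
        echo "LUKS1 header: every keyslot uses PBKDF2;" \
             "run: cryptsetup convert --type luks2 <device>"
        return 1
    fi
    # In a LUKS2 dump each entry under "Keyslots:" starts with "<n>: luks2"
    # and carries a "PBKDF:" line naming pbkdf2, argon2i or argon2id.
    # (The "Digests:" section also says pbkdf2, but on a "<n>: pbkdf2" line,
    # so it is not matched here.)
    lkc_weak=$(printf '%s\n' "$lkc_dump" | awk '
        /^[ \t]*[0-9]+:[ \t]*luks2/ { slot = $1; sub(":", "", slot) }
        /^[ \t]*PBKDF:[ \t]*pbkdf2/  { print slot }')
    if [ -n "$lkc_weak" ]; then
        for lkc_slot in $lkc_weak; do
            echo "keyslot $lkc_slot uses pbkdf2;" \
                 "run: cryptsetup luksConvertKey --key-slot $lkc_slot --pbkdf argon2id <device>"
        done
        return 1
    fi
    echo "all keyslots use Argon2"
    return 0
}

# Constructed sample dumps (trimmed), standing in for real luksDump output.
strong_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      argon2id
        Time cost:  7
        Memory:     1048576
        Threads:    4
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 123456
EOF
}
weak_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
  1: luks2
        PBKDF:      argon2id
        Time cost:  4
EOF
}
luks1_dump() {
    cat <<'EOF'
LUKS header information for /dev/sda3
Version:        1
Cipher name:    aes
Key Slot 0: ENABLED
        Iterations:     2000000
EOF
}

# Demo on the constructed samples; a real run pipes cryptsetup luksDump instead.
for sample in strong_dump weak_dump luks1_dump; do
    echo "== $sample =="
    $sample | luks_kdf_check || true
done
```

Only the passphrase-to-key stretching changes with `luksConvertKey`; the volume key, and therefore the data on disk, stays as it is, so the conversion is quick and does not require re-encryption.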

Meet the hacker armies on Ukraine's cyber front line

How links between ‘hacktivists’ and official military are becoming blurred on both sides in the war.

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)

CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

Hackers first compromised a different software maker and embedded malware in one of its programs. 3CX was compromised when an employee downloaded that program. It is not known why the employee downloaded it.

World's largest cyber defense exercise Locked Shields brings together over 3000 participants

Tallinn, Estonia – From 18 to 21 April, the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) is hosting Locked Shields 2023, the world’s largest live-fire cyber defense exercise. Over 3,000 participants from 38 nations are taking part in the exercise, which involves protecting real computer systems from real-time attacks and simulating tactical and strategic decisions in critical situations.

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.

Critical Vulnerabilities in PaperCut Print Management Software

Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.

Lessons learned from the Centre Hospitalier de Cahors

CERT Santé reviews the cyberattack on the Cahors hospital, which followed the exploitation of a security vulnerability.

'RustBucket' malware targets macOS

Learn how the APT group BlueNoroff targets Apple users with a malware variant that compromises macOS devices.

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts…

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the 3CX attack was carried out by Lazarus.

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

A software supply chain attack led to another software supply chain attack.

Threat Actors Rapidly Adopt Web3 IPFS Technology

Web3 technologies are seeing widespread adoption, including by threat actors (TAs). We discuss the Web3 technology InterPlanetary File System (IPFS) and its malicious use.

‘AuKill’ EDR killer malware abuses Process Explorer driver

Driver-based attacks against security products are on the rise.

TikTok remains allowed on Swiss civil servants' phones

After intense weeks of deliberation, internal clarifications and technical investigations, the federal administration has decided not to ban TikTok from work phones. A decision that runs counter to many European countries.

Cybersecurity and disinformation: Bern creates a new State Secretariat for civil security

To counter new threats, the Federal Council wants to strengthen the Federal Department of Defence by creating a new specialised body.

Black Basta claims it's selling off stolen Capita data

No worries, outsourcer only handles government tech contracts worth billions

ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...

in2al5d p3in4er is Almost Completely Undetectable

in2al5d p3in4er is a highly evasive new loader that has a detection ratio of 0 on VirusTotal. We explain how it works, and how to prevent it.

LockBit for Mac | How Real is the Risk of macOS Ransomware?

Discovery of a macOS variant of LockBit has caused alarm, but how serious a threat is it? We explore the malware and the threat of ransomware on Apple Macs.

Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch

Apple has fixed the three exploits used to deploy the Pegasus spyware, which did not require any interaction from the target.

Summary of the Investigation Related to CVE-2023-0669

We’d like to provide an update on our investigation into the suspicious activity detected in our Fortra GoAnywhere MFT solution. Working with Unit 42, we have completed our investigation and have compiled a factual summary of the investigation, as well as continuous improvement actions Fortra is taking to further strengthen our systems and recommended actions customers can take to secure their data and improve their security posture using available features in the GoAnywhere MFT solution.

Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains

One widely publicized case of disappearances relevant to this case of spyware infection occurred in September 2014 when a group of 43 students at a teacher

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family. The malware would be delivered through e-mails that were based on real business letters the attackers had gotten access to.

CVE-2023-21554: MSMQ

On April 12th, 2023, Microsoft released a slew of new patches for its Windows operating system, one of which was to fix CVE-2023-21554, a remotely-exploitable vulnerability in the obscure Windows Message Queuing (MSMQ) service that can lead to remote code execution (RCE).

Analyzing an arm64 mach-O version of LockBit

The relevance of this macOS specimen is well articulated in vx-underground's tweet:

“Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products.” vx-underground

Ok, so even though it's the weekend, we have what appears to be a new macOS malware specimen from one of the more notorious ransomware gangs! Coupled with the fact that this may be, (as noted by @VXUnderground), "the first time a large ransomware threat group has developed a payload for Apple products" …I was intrigued and decided to dig right in!

Linux kernel logic allowed Spectre attack on major cloud

Kernel 6.2 ditched a useful defense against ghostly chip design flaw