
Weekly Shaarli

All the links of one week on a single page.

Week 26 (June 24, 2024)

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.

Cybercriminals distribute macOS malware in the name of AGOV

28.06.2024 - On the evening of 27 June 2024, cybercriminals launched a large-scale "malspam" campaign against citizens of German-speaking Switzerland. Using an e-mail whose purported sender is AGOV, they are attempting to infect the devices of macOS users with malware named "Poseidon Stealer".

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

Researchers unveil SnailLoad, a new side-channel attack exploiting network latency to infer web activity remotely, achieving up to 98% accuracy in vid

New Medusa malware variants target Android users in seven countries

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

Polyfill claims it has been 'defamed', returns after domain shut down

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down when researchers exposed that it was delivering malicious code to upwards of 100,000 websites. The Polyfill service claims that it has been 

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses

As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.

LockBit lied: Stolen data is from a bank, not US Federal Reserve

The recently disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except the rumor has been quashed.

CVE-2024-5261 | LibreOffice - Free and private office suite - Based on OpenOffice - Compatible with Microsoft

LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.

LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.

Cryptographers’ Feedback on the EU Identity Wallet

A handful of cryptographers were asked for feedback on the architecture of the European Identity Wallet (the Architecture Reference Framework (ARF), currently at version 1.4.0). We seized the opportunity to write a short report urging Europe to reconsider the design and to base it on the use of anonymous (aka attribute-based) credentials.

Anonymous credentials were designed specifically to achieve authentication and identification that are both secure and privacy-preserving. As a result, they fully meet the requirements put forth in the eIDAS 2.0 regulation. (The current design does not.) Moreover, they are by now a mature technology. In particular, we recommend using the BBS family of anonymous credentials, which are efficient and mathematically proven secure.

Hubspot says it's investigating customer account hacks | TechCrunch

The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22.

Indonesia president orders audit of data centres after cyberattack

Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks.
Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports.

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.

South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs

Korean telecom company KT Corporation sent malware to its subscribers who use Webhard's Grid Service peer-to-peer sharing program to hide their files and stop them from using the service.

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

Critical security flaw in Fortra FileCatalyst Workflow allows database tampering. Patch available.

From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer

P2Pinfect is a Rust-based malware covered extensively by Cado Security in the past. Cado Security researchers first discovered it during triage of honeypot telemetry in July 2023.

New P2Pinfect version delivers miners and ransomware on Redis servers

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads.

Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump

The company updated an advisory about a bug affecting the MOVEit tool, warning a “newly identified vulnerability in a third-party component" had elevated the risks.

Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)

Progress un-embargoed an authentication bypass vulnerability in Progress MOVEit Transfer.

Many sysadmins may remember last year's CVE-2023-34362, a cataclysmic vulnerability in Progress MOVEit Transfer that sent ripples through the industry, claiming such high-profile victims as the BBC and FBI. Sensitive data was leaked, and sensitive data was destroyed, as the cl0p ransomware gang leveraged 0days to steal data, ultimately leaving a trail of mayhem.

US accuses Russian of helping Kremlin hack Ukraine’s state computer systems

According to the Department of Justice, 22-year-old Amin Stigal helped Russian military intelligence carry out cyber operations, including probing computers belonging to a federal government agency in Maryland.

Chinese Cyberspies Employ Ransomware in Attacks for Diversion

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.

ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.

Microsoft employee accidentally publishes PlayReady code

A Microsoft software developer has accidentally shared internal PlayReady source code with the public (on a developer forum). The 4 GByte data leak is sufficient to compile the required DLL from the source code. This could be a real boon for people who want to reverse engineer or crack PlayReady. What is PlayReady? PlayReady is...

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware

Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]

The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims

Andrei Sannikov and Evgeny Erlikh discuss the effects of discovering their devices had been infected with Pegasus — making them part of a rapidly expanding list of civil-society figures targeted with the commercial spyware.

CDK Begins Restoring Systems Amid Ransomware Payment Reports

CDK Global, the auto dealership software solutions firm that supplies services to an estimated 15,000 dealerships in the U.S. and Canada, said it has begun the

Neiman Marcus says 64,000 affected by breach of Snowflake customer account

Neiman Marcus is the latest large company affected by a run of attacks on customers of the data cloud storage provider Snowflake.

South Africa’s national health lab hit with ransomware attack amid mpox outbreak

South Africa’s National Health Laboratory Service (NHLS) was hit by hackers on Saturday, with the dissemination of lab results severely impacted.

GrimResource - Microsoft Management Console for initial access and evasion

Elastic researchers uncovered a new technique, GrimResource, which allows full code execution via specially crafted MSC files. It underscores a trend of well-resourced attackers favoring innovative initial access methods to evade defenses.

Stop Using cdn.polyfill.io Now

Polyfill.io is a service that automatically provides front-end polyfills, making it very convenient to use. You just need to select the functionality you want to polyfill and then include a JavaScript

Influence activities and disinformation: the Federal Council insists on resilience and strengthens analysis and coordination

At its meeting of 19 June 2024, the Federal Council approved the report drawn up in response to postulate 22.3006 of the National Council's Security Policy Committee, "Assessment of the threat posed to Switzerland by disinformation campaigns". The report describes the impact on the country of influence activities in the information space, the characteristic elements relevant in this context, and the additional measures the Federal Council intends to take to counter these threats.

Recent Zyxel NAS Vulnerability Exploited by Botnet

A recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices is already exploited in botnet attacks, the Shadowserver Foundation warns.

Tracked as CVE-2024-29973, the issue is described as a code injection flaw that can be exploited remotely without authentication. It was introduced last year, when Zyxel patched CVE-2023-27992, a similar code injection bug.

“While patching this vulnerability, they added a new endpoint which uses the same approach as the old ones, and while doing so, implemented the same mistakes as its predecessors,” explains Outpost24 security researcher Timothy Hjort, who discovered and reported the security defect.

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

A few months ago, I stumbled upon a 24-year-old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets led mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

CISA confirms hackers may have accessed data from chemical facilities during January incident

The agency found no evidence that hackers exfiltrated information but noted the intrusion “may have resulted in the potential unauthorized access” to security plans, vulnerability assessments and user accounts within a national system to protect the chemicals sector.

New attack uses MSC files and Windows XSS flaw to breach networks

A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.

Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032)

Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama.

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.

RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates

Discover how RansomHub's ransomware-as-a-service targets Windows, Linux, and ESXi systems.

XZ backdoor behavior inside OpenSSH

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

Cyber attack compromised Indonesia data centre, ransom sought

A cyber attacker compromised Indonesia's national data centre, disrupting immigration checks at airports, and asked for an $8 million ransom, the country's communications minister told Reuters on Monday.
The attack disrupted several government services, most notably at airports last week, with long lines forming at immigration desks. Automated passport machines were now functioning, the communications ministry said.

Levi Strauss notifies customers of cyberattack

Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store.

The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.

More than 12,000 Santander employees in US affected by Snowflake breach

The Spanish banking giant was one of the first organizations to report a breach in the Snowflake incident, which is now known to have affected about 165 organizations.

Timeline and Details of the Change Healthcare Breach

Discover how this healthcare breach unfolds and learn crucial defense strategies. Dive into our expert analysis for actionable insights.

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.

Rafel RAT, Android Malware from Espionage to Ransomware Operations

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources.

However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, malicious software designed to target Android devices, poses a significant threat to users' privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.