The Gösgen nuclear power plant, in the canton of Solothurn, relies on drone technology for its security and inspections. Today, the unintentional publication of drone images is sparking debate.
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
Akamai security researcher Tomer Peled explored new ways to use and abuse Microsoft's UI Automation framework and discovered an attack technique that evades endpoint detection and response (EDR).
To exploit this technique, a user must be convinced to run a program that uses UI Automation. This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more.
Detection of this technique is challenging in several ways, including for EDR. All EDR technologies we have tested against this technique were unable to find any malicious activity.
This technique can be used on every Windows endpoint with operating system XP and above.
In this blog post, we provide a full write-up on how to (ab)use the UI Automation framework (including possible attacks that could leverage it) and we present a proof of concept (PoC) for each abuse vector we discuss. We also provide detection and mitigation options.
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.
The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.
The federal administration is to have its own sovereign cloud service. Following the National Council, the Council of States on Thursday unanimously approved a credit of 246.9 million francs for the "Swiss Government Cloud" (SGC).
In the increasingly dangerous world of cybercrime, Brian Krebs faces threats, manipulation and the odd chess challenge.
A technical analysis of how a malware campaign using a game cheat lure leverages Node.js to distribute XMRig, Lumma and Phemedrone Stealer.
Axpo Systems announces the commissioning of what the company describes as the first Security Operation Cent
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.
Bulletproof hosting services provide the infrastructure for cybercriminal activities, enabling criminals to evade legal constraints and are often used for malware, hacking attacks, fraudulent…
The center, called the NATO Integrated Cyber Defense Center, will have multiple locations, but will be headquartered in Mons, Belgium.
Background: ORANGE provides its customers with an email service ("Mail Orange"). Following several inspections, the CNIL found that the company was displaying advertisements in the form of emails among the messages in users' inboxes.
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS Code attack, with an eye to carrying out a supply-chain-based espionage attack.
In this article, I explained how I could compromise the sysupgrade.openwrt.org service by exploiting the command injection and the SHA-256 collision.
As I never found the hash collision attack in a real-world application, I was surprised that I could successfully exploit it by brute-forcing hashes.
The investigation began in the autumn of 2022, following reports of fraudulent phone calls in which scammers impersonated bank employees to extract sensitive information, such as addresses and security answers, from victims. The stolen data was traced back to a specialised online marketplace that operated as a central hub for the trade of illegally obtained information. A central hub for cyber...
Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.
Apple's macOS has been under siege in 2024 as malware-as-a-service platforms and AI-driven threats make the year a turning point for Mac security.
A deep dive into macOS malware this year.
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom…
See technical analysis of a zero-day attack that uses corrupted malicious files to bypass detection by advanced security systems.
The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the SpyNote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report.
Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.
Some users are still reporting problems using the encrypted email service.
Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their networks.
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.