Mur d'images - Cyberveille

by Decio

Okta reveals additional attackers' activities in October 2023 Breach

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

Diamond Sleet supply chain compromise distributes a modified CyberLink installer | Microsoft Security Blog

Welltok data breach exposes data of 8.5 million US patients

Japan space agency hit with cyberattack, rocket and satellite info not accessed | Reuters

InfectedSlurs Botnet Spreads Mirai via Zero-Days

Spyware Targeting Against Serbian Civil Society - The Citizen Lab

Spyware in Serbia: civil society under attack - Access Now

DP World confirms data stolen in cyberattack, no ransomware used

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

Report claims to reveal identity of Russian hacktivist leader

440,000 Sets of Personal Info Affected by Hack of Line Operator | Nippon.com

Telekopye: Chamber of Neanderthals’ secrets

Into the Trash: Analyzing LitterDrifter

Concevis: des données du fisc auraient fuité (update 3)

iPhone: Why Apple is working hard to break into its own phones

USB worm unleashed by Russian state hackers spreads worldwide

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet | Ars Technica

The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

How to bypass Windows Hello, log into vulnerable laptops

Le Conseil fédéral clarifie les tâches de l’Office fédéral de la cybersécurité

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Meet the Unique New "Hacking" Group: AlphaLock

Artificial Intelligence in Education – Legal Best Practices

Building an Exploit for FortiGate Vulnerability…

InfectedSlurs Botnet Spreads Mirai via Zero-Days

Understanding the Phobos affiliate structure and activity

Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes

Les Suisses préoccupés par leur cybersécurité même s'ils sont rarement touchés

Rhysida ransomware gang claims attack on British Library • The Register

Nearly 9 million patients' records compromised in data breach

Lumma Stealer malware now uses trigonometry to evade detection

Combien de PME mettent la clé sous la porte après une cyberattaque ? | LeMagIT

Pourquoi les hackers russes sont plus dangereux que jamais

GitHub - yunuscadirci/DIALStranger: details about DIAL protocol vulnerabilities

Thornaby: Woman targeted in £13k train station QR code scam

2023’s ransomware rookies are a remix of Conti and other classics

Hackers swipe Booking.com, damage from attack is global

Arnaque: les clients de booking.com ciblés par des pirates

Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters

Toyota confirms breach after Medusa ransomware threatens to leak data

Les 10 principales vulnérabilités des modèles GPT

Zimbra 0-day used to target international government organizations

European Telecom Body to Open-Source Radio Encryption System

Uncovering thousands of unique secrets in PyPI packages

In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

Google’s new Titan Security Keys let you store passkeys

Intel fixes high-severity CPU bug that causes “very strange behavior”

A Closer Look at ChatGPT's Role in Automated Malware Creation

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED

C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers - SentinelOne

Google researchers discover 'Reptar,’ a new CPU vulnerability

District of Puerto Rico | Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World | United States Department of Justice

Microsoft Patch Tuesday November 2023

La nLPD est directement applicable à l’intelligence artificielle

The $2,000 Phones that Let Anyone Make Robocalls

Child sexual abuse online: effective measures, no mass surveillance

Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification

GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel

Rançongiciel Phobos : arrestation de deux Russes, soupçonnés d’une dizaine d’attaques en France

Malaysian Police Dismantle “BulletProftLink” Phishing Operation

Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack

Cybersécurité: plus de trois mois pour colmater une faille

Ivanti EPMM CVE-2023-39335/39337

Détournement de Microsoft et Cloudflare au cours d’une nouvelle attaque de QRishing

Here’s How Violent Extremists Are Exploiting Generative AI Tools

DP World: Australian ports to remain closed as AFP investigates cybersecurity breach

Apple neglects to patch multiple critical vulnerabilities in macOS

CVE-2023-38548

Detecting “Effluence”, an Unauthenticated Confluence Web Shell

ICBC hit by ransomware impacting global trades

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends

Ransomware attack on ICBC disrupts trades in US Treasury market

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Microsoft Temporarily Blocked Internal Access to ChatGPT, Citing Data Concerns

Atlassian confirms ransomware is exploiting latest Confluence bug

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

Malvertiser copies PC news site to deliver infostealer

Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker

SysAid Zero-Day Vulnerability Exploited by Ransomware Group - SecurityWeek

SysAid On-Prem Software CVE-2023-47246 Vulnerability

Microsoft offers politicians protection against deepfakes

Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms

Infomaniak intègre une IA souveraine à son service d'e-mails

Python obfuscation traps

Common Vulnerability Scoring System

ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections | by Amy L. Robertson

Jamf Threat Labs Discovers Malware from BlueNoroff

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

Not so lucky: BlackCat is back!

Discord will switch to temporary file links to block malware delivery

Elastic catches DPRK passing out KANDYKORN — Elastic Security Labs

AI companies have all kinds of arguments against paying for copyrighted content

GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Four dozen countries declare they won't pay ransomware ransoms | CyberScoop

Apple 'Find My' network can be abused to steal keylogged passwords

Send My: Arbitrary data transmission via Apple's Find My network | Positive Security

New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft is overhauling its software security after major Azure cloud attacks

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

Mozi botnet goes dark under mysterious circumstances

How a tiny Pacific Island became the global capital of cybercrime | MIT Technology Review

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

Microsoft profiles new threat group with unusual but effective practices

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Boeing says 'cyber incident' hit parts business after ransom threat | Reuters

CVE-2023-46604

Massive ransomware attack hinders services in 70 German municipalities

2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard

Massive cybercrime URL shortening service uncovered via DNS data

CVE-2023-46747

Atlassian warns of critical Confluence flaw leading to data loss

SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch

Surge in QR Code Quishing: Check Point Records 587% Attack Spike

Two Developers of the Ragnar Locker Ransomware Arrested in Spain

GHOSTPULSE haunts victims using defense evasion bag o' tricks

FakeUpdateRU Chrome Update Infection Spreads Trojan Malware

3 new NGINX ingress controller Kubernetes related vulnerabilities

Introducing HAR Sanitizer: secure HAR sharing

HackerOne paid ethical hackers over $300 million in bug bounties

SIM Swappers Are Working Directly with Ransomware Gangs Now

CVE-2023-45498: RCE in VinChin Backup

Compromising F5 BIGIP with Request Smuggling | CVE-2023-46747

Chatbot Hallucinations Are Poisoning Web Search

European govt email servers hacked using Roundcube zero-day

A cascade of compromise: unveiling Lazarus' new campaign

Hyundai to hold software-upgrade clinics across the US for vehicles targeted by thieves | AP News

StripedFly: Perennially flying under the radar

Triangulation: validators, post-compromise activity and modules | Securelist

VMSA-2023-0023

Hackers can force iOS and macOS browsers to divulge passwords and much more

Partout, les passkeys remplacent les mots de passe. Au tour des entreprises?

Now Android and Windows devices aren't safe from Flipper Zero either | ZDNET

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

CVE-2023-4966: NetScaler Critical Security Update Now Available

Battling a new DarkGate malware campaign with Malwarebytes MDR

Citrix Bleed: Leaking Session Tokens with CVE-2023-4966

Okta incident and 1Password | 1Password

1Password Detects Suspicious Activity Following Okta Support Breach

Spain police dismantled a cybercriminal group who stole data of 4 million individuals

Okta stock falls after company says client files accessed by hackers via support system

How Cloudflare mitigated yet another Okta compromise

CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations

Measures taken following the unprecedented cyber-attack on the ICC

Switzerland’s e-voting system has predictable implementation blunder

Un cybercriminel russe membre du gang Ragnar Locker arrêté en France

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

D-Link confirms data breach after employee phishing attack

Ragnar Locker ransomware gang taken down by international police swoop

Casio keyed up after data loss hits customers in 149 countries • The Register

Ukrainian activists hack Trigona ransomware gang, wipe servers

Ragnar Locker ransomware’s dark web extortion sites seized by police

CIA exposed to intelligence interception due to X's URL bug

The forgotten malvertising campaign

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Lausanne veut 2,24 millions pour sa sécurité IT

L’attaque contre Xplain bloque la modernisation de l’IT de la police vaudoise

Les polices vaudoises hésitent à numériser l’ensemble de leurs activités avec Xplain - rts.ch - Vaud

Disclosing the BLOODALCHEMY backdoor

Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)

LinkedIn Smart Links Fuel Credential Phishing Campaign

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack

The evolution of Windows authentication

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Steam Adds Security Layer for Devs After Some Had Their Accounts Compromised and Malware Was Injected in Games

The Predator Files: European Spyware Consortium Supplied Despots and Dictators

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits | FortiGuard Labs

HTTP/2 Rapid Reset: deconstructing the record-breaking attack

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages | Akamai

Plus de la moitié des aînés ciblés par des cyber-escrocs

Les hôpitaux de Vittel et Neufchâteau victimes d'une cyberattaque

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews

90s Vulns In 90s Software (Exim) - Is the Sky Falling?

Rules of engagement issued to hacktivists after chaos

Android TV Boxes Infected with Backdoors, Compromising Home Networks

X-Force uncovers global NetScaler Gateway credential harvesting campaign

n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.

Genetics firm 23andMe says user data stolen in credential stuffing attack

Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs

The evolutionary tale of a persistent Python threat

CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center

Coop et Migros vendent des données clients à des entreprises tierces

Sony confirms data breach impacting thousands in the U.S.

CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System

Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica

Cisco urges admins to fix IOS software zero-day exploited in attacks

Routers have been rooted by Chinese spies US and Japan warn

NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry

Vulnerability in popular ‘libwebp’ code more widespread than expected

CVE-2023-42793

New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

Sony Investigating After Hackers Offer to Sell Stolen Data

Decade of newborn child registry data stolen in MOVEit mass-hack

Deux jeunes hackers jugés pour une campagne de mails « cryptoporno » en 2019

From ScreenConnect to Hive Ransomware in 61 hours

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

0-days exploited by commercial surveillance vendor in Egypt

All thanks to ‘Big Yellow Taxi’: How State discovered Chinese hackers reading its emails

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

Apple emergency updates fix 3 new zero-days exploited in attacks

International Criminal Court hit with a cyber attack

US-Canada water commission confirms 'cybersecurity incident"

GitLab addressed critical vulnerability CVE-2023-5009

Trend Micro addresses actively exploited zero-day in Apex One

[CVE-2023-42752] integer overflow in Linux kernel leading to exploitable memory access

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog

Leaked Microsoft documents hint at new Doom and Dishonored games

Microsoft AI Employee Accidentally Leaks 38TB of Data

New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

BlackCat ransomware hits Azure Storage with Sphynx encryptor

Ransomware flingers hit Manchester cops in the supply chain • The Register

TikTok fined €345M by Irish DPC for violating children’s privacy

When MFA isn't actually MFA

How Google Authenticator made one company’s network breach much, much worse

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

Argent russe: la place financière suisse rattrapée par une fuite de données

macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks

Trojanized Free Download Manager found to contain a Linux backdoor

Threat actor leaks sensitive data belonging to Airbus

Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Critical WebP bug: many apps, not just browsers, under threat

With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

PSA: Ongoing Webex malvertising campaign drops BatLoader

Attacker combines phone, email lures into believable, complex attack chain

Ransomware crew hits Save The Children, steals 7TB of data

Microsoft to defend customers on AI copyright challenges

ChatGPT fails in languages like Tamil and Bengali

KNVB paid ransom to prevent cyber criminals from publishing footballers' passports

Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US

Active North Korean campaign targeting security researchers

North Korea-backed hackers target security researchers with 0-day

Mozilla Report Finds That New Cars Give Out Lots of Your Info

The International Criminal Court Will Now Prosecute Cyberwar Crimes

Last Week on My Mac: How quickly can Apple release a security update?

China’s iPhone ban expected to expand to more government agencies soon

Code Vulnerabilities Put Proton Mails at Risk

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

Compromised Microsoft Key: More Impactful Than We Thought

Thinking about the security of AI systems

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

What's in a NoName? Researchers see a lone-wolf DDoS group

Okta customers targeted in social engineering scam

Attackers access military data through fencing supplier

China Bans iPhone Use for Government Officials at Work

Zaun Data Breach

Is macOS’s new XProtect behavioural security preparing to go live?

Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy

The Emergence of Ransomed: An Uncertain Cyber Threat in the Making

Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

An Ongoing Open Source Attack Reveals Roots Dating Back To 2021

New Twitter scam in China: sextortion scammers

Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants

LogicMonitor customers hit by hackers, because of default passwords | TechCrunch

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs

Qakbot Malware Takedown and Defending Forward

Raising Online Defenses Through Transparency and Collaboration | Meta

How NightOwl for Mac Added a Botnet

It Costs Just $400 to Build an AI Disinformation Machine

Xplain: les données de procédures pénales en cours sont sur le darknet

Exposing DuckTail

Qakbot botnet infrastructure shattered after international operation

The Cheap Radio Hack That Disrupted Poland’s Railway System

Qakbot botnet dismantled after infecting over 700,000 computers

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

Attacks on Citrix NetScaler systems linked to ransomware actor

Adversary On The Defense: ANTIBOT.PW

#FuckStalkerware pt. 3 - ownspy got, well, owned

GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room

Lapsus$: Court finds teenagers carried out hacking spree

Security advisory: malicious crate rustdecimal

Poland investigates cyber-attack on rail network - BBC News

Met Police admits details of officers at risk of exposure after warrant card supplier was hacked

CVE-2023-36844 And Friends: RCE In Juniper Devices

MOVEit, the biggest hack of the year, by the numbers

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News

Ransomware infection wipes all CloudNordic servers

Fake Roblox packages target npm with Luna Grabber information-stealing malware

Genève: Un élu a farfouillé sans droit dans les fichiers de la justice

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April | Ars Technica

Using WinRAR? Be sure to patch against these code execution bugs… – Naked Security

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation

British court convicts two teen Lapsus$ members of hacking tech firms

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Ecuador’s national election agency says cyberattacks caused absentee voting issues

CVE-2023-34127

Sneaky Amazon Google ad leads to Microsoft support scam

Ivanti warns of new actively exploited MobileIron zero-day bug

Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News

Data Theft Via MOVEit: 4.5 Million More Individuals Affected

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska

Threat actors use beta apps to bypass mobile app store security

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

Discord.io confirms breach after hacker steals data of 760K users

Piratage des numéros de téléphone des policiers bernois

Des pirates informatiques s'emparent des données de 2800 policiers bernois

The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks

Phishing pages placed on hacked websites

Users of cybercrime forums often fall victim to info-stealers, researchers find

Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer

Notorious phishing platform shut down, arrests in international police operation

LinkedIn under attack, malicious hackers seize accounts

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Dark Web Profile: 8Base Ransomware

Raccoon Stealer Announce Return After Hiatus

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

This $70 device can spoof an Apple device and trick you into sharing your password

Livraison de chars à l’Ukraine: des cyberpirates russes publient un document du Seco

Ransomware tracker: The latest figures [August 2023]

Faire de la cybersécurité une tâche régalienne

Meet NoEscape: Avaddon ransomware gang's likely successor

Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant

Mac systems turned into proxy exit nodes by AdLoad

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

Want to pwn a satellite? Turns out it's surprisingly easy

New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips

Analysis: MOVEit hack spawned over 600 breaches but is not done yet -cyber analysts | Reuters

Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software | The White House

Cyber-attack on UK's electoral registers revealed

5 arrested in Poland for running bulletproof hosting service for cybercrime gangs | Europol

Des hackers ont accédé aux données client d’une banque en ligne

Des pirates informatiques russes ont publié un document sensible de la Confédération

Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry

“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

Researchers watched 100 hours of hackers hacking honeypot computers

Interpol takes down 16shop phishing-as-a-service platform

Nearly every AMD CPU since 2017 vulnerable to Inception bug

Electoral Commission apologises for security breach involving UK voters’ data | Electoral Commission | The Guardian

Spyware maker LetMeSpy shuts down after hacker deletes server data

Don’t you (forget NLP): Prompt injection with control characters in ChatGPT

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Tenable CEO accuses Microsoft of negligence in addressing security flaw

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability | Rapid7 Blog

Guarding the Bridge: New Attack Vectors in Azure AD Connect

Reptile Malware Targeting Linux Systems

Microsoft…The Truth Is Even Worse Than You Think

Russia-backed hackers used Microsoft Teams to breach government agencies | TechCrunch

Unpacking the Threats Within: The Hidden Dangers of .zip Domains

Into the tank with Nitrogen

Tomcat Under Attack: Exploring Mirai Malware and Beyond

Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

GameOverlay Vulnerability Impacts 40% of Ubuntu Workloads

TETRA Radio Code Encryption Has a Flaw: A Backdoor

Critical Infrastructure Companies Warned to Watch for Ongoing Cyberattack

Ivanti warns of second vulnerability used in attacks on Norway gov’t

U.S. Hunts Chinese Malware That Could Disrupt American Military Operations

Two privilege escalation flaws affect 40% of Ubuntu workloads in OverlayFS

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Cryptojacking: Understanding and defending against cloud compute resource abuse

Apple issues third mobile OS update after zero-click spyware campaign

DDoS threat report for 2023 Q2

Apple slams UK surveillance-bill proposals

Threat Actors Add .zip Domains to Their Phishing Arsenals

JumpCloud says 'nation state' gang hit some customers

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

[Security Update] Incident Details

WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks

Microsoft takes pains to obscure role in 0-days that caused email breach

Inside the subsea cable firm secretly helping American take on China

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

WordPress plugin installed on 1 million+ sites logged plaintext passwords

AVrecon malware infects 70,000 Linux routers to build botnet

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »

Piratage de Xplain: La Confédération menacée par une vague de plaintes

Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data

ShadowVault is the latest Mac data-stealer malware, reportedly

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics

Chinese hackers breached U.S. and European government email through Microsoft bug

Les données de hooligans ayant sévi en Suisse publiées sur le darknet (update) | ICTjournal

The Spies Who Loved You: Infected USB Drives to Steal Secrets

Hackers exploit gaping Windows loophole to give their malware kernel access

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

Apple confirms WebKit security updates break browsing on some sites

Apple releases emergency update to fix zero-day exploited in attacks

Inside the secret cyberwar against Putin’s regime

Storm-0978 attacks reveal financial and espionage motives

HCA Healthcare patient data stolen and for sale by hackers

Six Malicious Python Packages in the PyPI Targeting Windows Users

It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused | Trustwave

The five-day job: A BlackByte ransomware intrusion case study

Une entreprise genevoise au cœur d’une vaste opération d’influence des Emirats arabes unis

Unmasking the Meduza Stealer: Comprehensive Analysis & Countermeasures

Two spyware tied with China found hiding on the Google Play Store

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

Hacks targeting British exam boards raise fears of students cheating

FBI digital sting against Hive cybercrime group shows the promise — and limits — of hacking hackers

Port of Nagoya cyberattack: Japanese port paralysed by LockBit

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -

Suspected key figure of notorious cybercrime group arrested in joint operation

Clop Ransomware: History, Timeline, And Adversary Simulation

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

Campagne MOVEit : Cl0p divulgue une grande quantité de données volées à Cegedim

Au mois de juin, la menace des infostealers n’a pas faibli

Following NoName057(16) DDoSia Project’s Targets

Chinese Threat Actors Targeting Europe in SmugX Campaign

Detecting Popular Cobalt Strike Malleable C2 Profile Techniques

Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator

Decrypted: Akira Ransomware

NCSC marks 20th anniversary of first response to state-sponsored cyber attack

TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

A cause de la cyberattaque contre Xplain, des secrets d'Etat sont en ligne

Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque

High school changes every student’s password to ‘Ch@ngeme!’

CVE-2023-27997 is Exploitable, and 69% of FortiGate…

TSMC confirms data breach after LockBit cyberattack on third-party supplier

Malware Execution Method Using DNS TXT Record

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination

Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque

Akira Ransomware Extends Reach to Linux Platform

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies

CHU de Rennes : un compte de prestataire détourné pour la cyberattaque

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized

Pour la loi suisse, le piratage éthique peut être licite

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Siemens Energy confirms data breach after MOVEit data-theft attack

LetMeSpy, a phone tracking app spying on thousands, says it was hacked

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution

PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Emerging Threat! Exposing JOKERSPY

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Dissecting TriangleDB, a Triangulation spyware implant

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future

ASUS urges customers to patch critical router vulnerabilities

KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings

Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?

Le piratage de la société Xplain, une véritable bombe à retardement pour la Suisse

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek

Des données personnelles aussi touchées lors de la cyberattaque contre la Confédération - rts.ch - Suisse

Piratage: la Suisse est très mauvaise élève de la cybersécurité

Hijacking S3 Buckets: New Attack Technique

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

A simple bug exposed access to thousands of smart security alarm systems

Cyberattaques massives contre la Suisse, huit questions pour analyser une semaine folle

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Suspected LockBit ransomware affiliate arrested, charged in US

Fake Security Researcher GitHub Repositories Deliver Malicious Implant

Déferlante d’attaques DDoS en Suisse revendiquées par des hacktivistes pro-russes

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

Microsoft Encrypted Restricted Permission Messages Deliver Phishing | Trustwave

Ce qui se cache derrière les cyberattaques pro-russes contre la Suisse

Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

The Phantom Menace: Brute Ratel remains rare and targeted

TAG Aviation: Black Basta pirate une compagnie romande

Switzerland under cyberattack

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign

Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

CVE-2023-34362

Sites officiels paralysés: L’administration fédérale suisse fait l’objet d’une attaque informatique | 24 heures

Microsoft 365 sous le feu nourri d'attaques DDoS Dominique Filippone , publié le 09 Juin 2023

How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program

Shell Recharge security lapse exposed EV drivers’ data

Les CFF et le canton d'Argovie aussi concernés par la cyberattaque qui a touché la société Xplain

MOVEit Transfer and MOVEit Cloud Vulnerability

Turkish Citizens' Personal Data Offered Online After Govt Site Hacked

Pro-Ukraine hackers bring Russian banking system to its knees

La commune vaudoise de Bex touchée par une cyberattaque

Another huge US medical data breach confirmed after Fortra mass-hack

Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021

Analysis of CVE-2023-29336 Win32k Privilege Escalation

Unmasking the Darkrace Ransomware Gang

Le site web du parlement suisse attaqué par des hackers

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

ChatGPT creates mutating malware that evades detection by EDR

Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

GobRAT malware written in Go language targeting Linux routers

How malicious extensions hide running arbitrary code

Hackers steal Swiss police and customs data

Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast

L’armée suisse et Fedpol touchés par une cyberattaque

MOVEit hack: BBC, BA and Boots among cyber attack victims

New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica

A Matter of Triangulation.

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

Terminator antivirus killer is a vulnerable Windows driver in disguise

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

EDR bypassing via memory manipulation techniques | WithSecure™ Labs

Iranian dissidents take over high-security servers of regime presidency |

New hacking forum leaks data of 478,000 RaidForums members

Hauts-de-Seine : les petits pirates informatiques avaient rançonné le pôle Leonard de Vinci

The professionalization of cyber crime

ABB provides details about IT security incident

Tesla Files: Un vol de données met Tesla dans l'embarras

Vulnerability in GCP CloudSQL Leads to Data Exposure

Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days

Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices

NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

Armenia spyware victims: Pegasus hacking in war

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) - Help Net Security

Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations

Free VPN Service SuperVPN Exposes 360 Million User Records

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign

Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Malvertising via brand impersonation is back again

German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack

IT employee impersonates ransomware gang to extort employer

Apple fixes three new zero-days exploited to hack iPhones, Macs

Don't @ Me: URL Obfuscation Through Schema Abuse

BlackCat Ransomware Deploys New Signed Kernel Driver

Up to 100 cases taken over HSE cyberattack, judge told

Beijing Bans Micron as Supplier to Big Chinese Firms, Citing National Security

Popular Android TV boxes sold on Amazon are laced with malware

MalasLocker ransomware targets Zimbra servers, demands charity donation

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

Visualizing QakBot Infrastructure

“FleeceGPT” mobile apps target AI-curious to rake in cash

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

GitHub - vdohney/keepass-password-dumper

Discord discloses data breach after support agent got hacked

SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack

Piratage et médias suisses, la justice entre en action

Malicious VSCode extensions with more than 45K downloads steal PII and enable backdoors - Check Point Blog

Review and analysis of fake Trezor cryptowallet

FBI confirms access to Breached cybercrime forum database

Securonix Threat Labs Security Advisory: Latest Update: Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads

WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers

Hackers offer personal information of 500,000 Israeli students for sale

Ex-ByteDance Executive Accuses TikTok Parent Company of ‘Lawlessness’

How an Indiana hospital fought to recover from a cyberattack

The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai

Toyota: Car location data of 2 million customers exposed for ten years

«Cloud souverain»: les cantons latins avancent groupés et font un appel du pied à la Confédération

Multinational tech firm ABB hit by Black Basta ransomware attack

White Phoenix: Beating Intermittent Encryption

Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Akira Ransomware is “bringin’ 1988 back”

infosec company owned completely by 4chan user

Google will provide dark web monitoring to all US Gmail users

Ghost in the network

Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris

Tennessee, Georgia colleges respond to cyberattacks as school year wraps up

New phishing-as-a-service tool “Greatness” already seen in the wild

Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Deconstructing a Cybersecurity Event

Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber

Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service

How macOS now tracks the provenance of apps

Snake: Coming soon in Mac OS X flavour – Fox-IT International blog

Microsoft May 2023 Patch Tuesday

Apple Fails to Fully Reboot iOS Simulator Copyright Case

oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory

‘PlugwalkJoe’ pleads guilty for the massive 2020 Twitter hack - The Verge

The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

On the trail of the Dark Avenger: the most dangerous virus writer in the world

WordPress Advanced Custom Fields Pro plugin <= 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Dump these Cisco phone adapters because it's not fixing them

Meet Akira — A new ransomware operation targeting the enterprise

MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors

OpenAI’s regulatory troubles are just beginning

Who Gets the Algorithm? The Bigger TikTok Danger

Can Better Training Reduce the Success Rate of Phishing Attacks?

From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools

The malware threat landscape: NodeStealer, DuckTail, and more

Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram

Passkeys: What they are and how to use them

Apple et Google s’accordent sur un cahier des charges industriel pour lutter contre le pistage

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

What is a Rapid Security Response (RSR)

BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities

Apple uses iOS and macOS Rapid Security Response feature for the first time

FIN7 tradecraft seen in attacks against Veeam backup servers

Investigating ChatGPT phishing detection capabilities

AI Chatbots Have Been Used to Create Dozens of News Content Farms

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

DOJ Detected SolarWinds Breach Months Before Public Disclosure

Le Département de la défense et des banques testent le partage confidentiel de données de cybermenace

Magecart threat actor rolls out convincing modal forms

Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse

RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs

Never Connect to RDP Servers Over Untrusted Networks

Mirai Botnet Attackers Exploit TP-Link Router Bug

Attackers Use Containers for Profit via TrafficStealer

Cyble — Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker

Meet the hacker armies on Ukraine's cyber front line

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

Retour d'experience du Centre Hospitalier de Cahors

'RustBucket' malware targets macOS

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Threat Actors Rapidly Adopt Web3 IPFS Technology

‘AuKill’ EDR killer malware abuses Process Explorer driver

TikTok reste autorisé sur les téléphones des fonctionnaires suisses

Cybersécurité et désinformation: Berne crée un nouveau Secrétariat d’État pour la sécurité civile

Black Basta claims it's selling off stolen Capita data

in2al5d p3in4er is Almost Completely Undetectable

LockBit for Mac | How Real is the Risk of macOS Ransomware?

Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch

Summary of the Investigation Related to CVE-2023-0669

Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains

QBot banker delivered through business correspondence

CVE-2023-21554: MSMQ

Analyzing an arm64 mach-O version of LockBit

Linux kernel logic allowed Spectre attack on major cloud

Google Chrome emergency update fixes first zero-day of 2023

The (Not so) Secret War on Discord

A Computer Generated Swatting Service Is Causing Havoc Across America

Espionage campaign linked to Russian intelligence services

New hacker advocacy group seeks to protect work of security researchers

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

Hackers claim vast access to Western Digital systems

En Suisse comme en France, la vidéosurveillance progresse à une vitesse fulgurante

Discord member details how documents leaked from closed chat group

Nokoyawa ransomware attacks with Windows zero-day

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab

Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips

MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog

Cyble — Demystifying Money Message Ransomware

Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company

From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat

MSI Confirms Breach as Ransomware Gang Claims Responsibility

L'Anssi pourra bloquer les noms de domaine liés à des cyberattaques

Exploit available for critical bug in VM2 JavaScript sandbox library

Samsung Fab Workers Leak Confidential Data While Using ChatGPT

Cyble — New Cylance Ransomware with Power-Packed CommandLine Options

ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access

Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters

Apple fixes two zero-days exploited to hack iPhones and Macs

Stopping cybercriminals from abusing security tools

Resecurity uncovers STYX, new cybercriminal platform focused on financial fraud - Help Net Security

Mac Malware MacStealer Spreads as Fake P2E Apps

Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies

Chinese fraudsters: evading detection and monetizing stolen credit card information

Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service

National Cyber Force reveals how daily cyber operations protect the UK

Winter Vivern | Uncovering a Wave of Global Espionage

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

Rorschach – A New Sophisticated and Fast Ransomware

3CX Desktop App Compromised (CVE-2023-29059)

Android app from China executed 0-day exploit on millions of devices | Ars Technica

Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide

Western Digital discloses network breach, My Cloud service down

New Money Message ransomware demands million dollar ransoms

Pinduoduo: One of China's most popular apps has the ability to spy on its users, say experts

Meet the FSB contractor: 0Day Technologies

Qakbot mechanizes distribution of malicious OneNote notebooks

Information on Attacks Involving 3CX Desktop App

Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites

Privacy, a chi tocca proteggere gli studenti?

Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe

Spyware vendors use 0-days and n-days against popular platforms

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

3CX VoIP Software Compromise & Supply Chain Threats

3CX Security Alert for Electron Windows App

Ironing out (the macOS details) of a Smooth Operator

3CX: Supply Chain Attack Affects Thousands of Users Worldwide

Hackers compromise 3CX desktop app in a supply chain attack

3CX users under DLL-sideloading attack: What you need to know

New OpcJacker Malware Distributed via Fake VPN Malvertising

The criminal use of ChatGPT – a cautionary tale about large language models

Guidance for investigating attacks using CVE-2023-23397

France bans all recreational apps from government devices

MacStealer: New macOS-based Stealer Malware Identified

NCA infiltrates cyber crime market with disguised DDoS sites

Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub

La NZZ victime d'un ransomware

Shining Light on Dark Power: Yet Another Ransomware Gang

Raiffeisen, Cler, BCGE... Des données bancaires exposées sur le web, à l'insu des clients

OK, it’s time to freak out about AI

New victims come forward after mass-ransomware attack

Emotet resumes spam operations, switches to OneNote

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

Journalist opens USB letter bomb in newsroom

Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users

Reversing Emotet Dropping Javascript

Ferrari Hacked - Attackers Compromised The Ferrari IT Systems

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?

A Fake Project Related to the Sandbox Malspam

Wave of Arrests Hits Cybercriminals

Pixel Markup vulnerability allows screenshots to be un-redacted

Les trackers GPS et Bluetooth, des petites balises dont il faut se méfier

Google says hackers could silently own your phone until Samsung fixes its modems

Everything We Know About CVE-2023-23397

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation

BatLoader Continues to Abuse Google Search Ads to Deliver…

Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Ransomware Group Claims Hack of Amazon's Ring

Prometei botnet improves modules and exhibits new capabilities in recent updates

Rogue CyberSecurity Company Employee Tried To Sell Powerful, Stolen iPhone Malware For $50-Million

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

Czech cybersecurity office labels TikTok a security threat

Ransomware gang posts video of data stolen from Minneapolis schools

Medusa ransomware gang picks up steam as it targets companies worldwide

Telehealth startup Cerebral shared millions of patients' data with advertisers

Netcat Attack Cases Targeting MS-SQL Servers (LOLBins)

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

Alerte sur des tentatives de piratage de comptes bancaires en Suisse

Gang leaks Lehigh Valley Health Network cancer patient photos as part of data hack

New HiatusRAT router malware covertly spies on victims - Lumen

A Noteworthy Threat: How Cybercriminals are Abusing OneNote

CVE-2023-27532

Acer Breached, Hacker Selling Access to 160GB of Stolen Data

Meta’s LLaMA Leaked to the Public, Thanks To 4chan

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

Germany and Ukraine hit two high-value ransomware targets

We Found 28,000 Apps Sending Data to TikTok. A Ban Won't Help.

PyPi Packages Deliver Python Remote Access Tools

Credit Suisse breach spills info of high-net-worth clients

Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity

FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy

How cybercriminals attack young gamers

BlackLotus UEFI bootkit: Myth confirmed

West ill-prepared to deal with evolving cyber threats, report concludes

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding

Lumma Stealer targets YouTubers via Spear-phishing Email | by S2W | S2W BLOG | Feb, 2023 | Medium

Intrusion dans les systèmes d'information de la Ville de Lille : le point sur la situation

U.S. Marshals Service hack compromises sensitive info

Danish parliament urges to remove TikTok over cybersecurity

LastPass breach update: The few additional bits of information

Canada bans TikTok on government devices

Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay

PureCrypter targets government entities through Discord - Blog | Menlo Security

Stanford University discloses data breach affecting PhD applicants

Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966

TA569: SocGholish and Beyond

EXFILTRATOR-22 - An Emerging Post-Exploitation Framework

Cryptomonnaie: arrestation de deux Français suspectés d’avoir piraté la plateforme Platypus

OneNote Embedded file abuse

Suspect in major data theft case linked to Dutch-subsidized cybersecurity org

A year after Russia's invasion, the scope of cyberwar in Ukraine comes into focus

Beware of macOS cryptojacking malware.

Valve bans 40,000 Dota 2 cheaters through ‘honeypot’ patch

"Fobo" Trojan distributed as ChatGPT client for Windows

The Growing Threat of ChatGPT-Based Phishing Attacks

Google Delivers Record-Breaking $12M in Bug Bounties

Activision's Data Breach Contains Employee Information, Call of Duty and More, Report

Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs

Sensitive US military emails spill online

Hackers Start Selling Data Center Logins for Some of World’s Largest Corporations

The Gravediggers: How Eliminalia, a Spanish reputation management firm, buries the truth

Fog of war: how the Ukraine conflict transformed the cyber threat landscape

Magecart Attack Disguised as Google Tag Manager | Akamai

Ransomware pushes City of Oakland into state of emergency

German airport websites downed by DDoS attacks

FBI says it has 'contained' cyber incident on bureau's computer network

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

Escroquerie aux SMS de l'Assurance maladie : les suspects volaient les numéros de téléphone depuis leur voiture

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero

Microsoft February 2023 Patch Tuesday

Cisco warns of critical flaw in ClamAV antivirus

Hyundai and Kia issue software upgrades to thwart theft hack

Ethical hackers can now legally hack Belgian companies

The Israelis Destabilizing Democracy and Disrupting Elections Worldwide - National Security & Cyber - Haaretz

Ces hackers israéliens qui ont piraté les élections en Afrique

How undercover reporters caught ‘Team Jorge’ disinformation operatives on camera

Havoc Across the Cyberspace

IoC detection experiments with ChatGPT

Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack

Apple sued for promising privacy, failing at it

Iran marks revolution anniversary, hackers interrupt state TV coverage

Uncle Sow: Dark Caracal in Latin America

Killnet Threat to Health and Public Sectors

Meet the Creator of North Korea’s Favorite Crypto Privacy Service

Investigating Intrusions From Intriguing Exploits

Une campagne de phishing fictive pour sensibiliser 25 PME romandes à la cybersécurité

Incendie OVH : une première décision de condamnation

Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study

UK cracks down on ransomware actors

HTML Smuggling: The Hidden Threat in Your Inbox

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking

Bitwarden password vaults targeted in Google ads phishing attack

OpenSSL fixes High Severity data-stealing bug – patch now!

Russia-linked Lockbit ransomware hacking gang threatens to publish Royal Mail data stolen in cyber attack

Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG

Iran responsible for Charlie Hebdo attacks

Cyberattaque contre l’Université de Zurich: des accès aux serveurs vendus sur le darkweb (update)

Onenote Malware: Classification and Personal Notes

Detecting OneNote Abuse

No Macro? No Worries. VSTO Being Weaponized by Threat Actors

Cybercrime: Les hackers avaient aussi sévi en Suisse

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Ransomware : des centaines de serveurs VMware ESXi pris dans une vaste campagne

Un ransomware attaque les clients ESXi des hébergeurs français (MAJ)

Exploitation of GoAnywhere MFT zero-day vulnerability

https://infosec.exchange/@briankrebs/109795710941843934?s=09

Ransomware Roundup – Trigona Ransomware

.NET Virtualization Thrives in Malvertising Attacks

No Pineapple! –DPRK Targeting of Medical Research and Technology Sector

Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware

OneNote Documents Increasingly Used to Deliver Malware

Qakbot's Evolution Continues with New Strategies

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign

Hospitals urged to tighten DDoS defenses after health data found on Killnet list

Pro-Russian DDoS attacks raise alarm in Denmark, U.S.

Google sponsored ads malvertising targets password manager

Action needed for GitHub Desktop and Atom users

‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide

Analyzing and remediating a malware infested T95 TV box from Amazon

Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations

IT specialists search and recruitment on the dark web

Exploring Killnet's Social Circles

A Major App Flaw Exposed the Data of Millions of Indian Students

Chinese PlugX Malware Hidden in Your USB Devices?

An unfaithful employee leaked Yandex source code repositoriesSecurity Affairs

Cybercriminals stung as HIVE infrastructure shut down

The Titan Stealer: Notorious Telegram Malware Campaign

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

La vidéosurveillance de l’armée présente des failles de sécurité

Suisse: Caméras de surveillance de l’armée jugées trop vulnérables

Apple patches are out – old iPhones get an old zero-day fix at last!

Following the LNK metadata trail

Threat groups are using Windows LNK files to gain access

Bitzlato: senior management arrested

how to completely own an airline in 3 easy steps

U.S. ‘No Fly List’ Leaks After Being Left in an Unsecured Airline Server

Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris

Darth Vidar: The Dark Side of Evolving Threat Infrastructure

Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too

New GTA Online exploit now allows cheaters to ban your account

Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

Des hackers détournent des sites de l’UE pour voler des infos bancaires

PayPal Notifies 35,000 Users of Data Breach

ManageEngine CVE-2022-47966 Technical Deep Dive

T-Mobile hacked to steal data of 37 million accounts in API data breach

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner

DNS changer in malicious mobile app used by Roaming Mantis

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Apple launches major security updates around the world

Mailchimp says it was hacked — again

Russian founder of a cryptocurrency exchange known for funneling ransomware profits arrested

Assessing Potential Exploitation of Sophos Firewall and CVE-2022-3236

Can you rely on macOS Ventura for malware protection?

7 Ways Threat Actors Deliver macOS Malware in the Enterprise

InfoSec Handlers Diary Blog - SANS Internet Storm Center

Google Ads Exploited to Spread Malware

Google Ads Malware Wipes NFT Influencer's Crypto Wallet

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

Vice Society ransomware leaks University of Duisburg-Essen’s data

NortonLifeLock warns that hackers breached Password Manager accounts

Défense : les interrogations de l’état-major français face aux opérations cyber américaines en Europe

Sustaining Digital Certificate Security - TrustCor Certificate Distrust

Compromise of employee device, credentials led to CircleCI breach

A Police App Exposed Secret Details About Raids and Suspects | WIRED

Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone

Accidentally Crashing a Botnet

Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election

Royal Mail ransomware attackers threaten to publish stolen data

NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO

StrongPity espionage campaign targeting Android users

Misconfigured PostgreSQL Used to Target Kubernetes Clusters

Raspberry Robin's botnet second life

The OWASSRF + TabShell exploit chain

Nouvelles règles: Boom des enregistrements de pilotes de drone en Suisse

New Paper on Old Threema Protocol

Air France and KLM notify customers of account hacks

Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots

Schools hit by cyber attack and documents leaked

Twitter leak: 200m+ account database now free to download

Slack Security Update

Cyberattack shutters the Guardian's office for a month

CircleCI warns of security breach — rotate your secrets!

Jenkins discloses dozens of zero-day bugs in multiple plugins

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

How do you know when macOS detects and remediates malware?

Data of over 200 million Deezer users stolen, leaks on hacking forum

New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection

Piratage Adecco : des données personnelles et bancaires (IBAN) dans la nature

Shc Linux Malware Installing CoinMiner

Ukraine Has Digitized Its Fighting Forces on a Shoestring

The Mac Malware of 2022 👾

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.

U.S. targeted adversary cyber infrastructure to safeguard midterm vote

Ransomware gang gives decryptor to Toronto’s SickKids Hospital

Russian cyberattacks - Special Services - Gov.pl website

New YouTube Bot Malware Spotted Stealing User’s Sensitive Information

Pure coder offers multiple malware for sale in Darkweb forums

zhuowei/WDBFontOverwrite: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.

Twitter in data-protection probe after '400 million' user details up for sale

ZINC weaponizing open-source software - Microsoft Security Blog

ZetaNile: Open source software trojans from North Korea

New RisePro Stealer distributed by the prominent PrivateLoader

Cost of data breaches to surpass US$5mn per incident in 2023

What’s in a PR statement: LastPass breach explained

Shlayer Malware: Continued Use of Flash Updates

Shlayer malware abusing Gatekeeper bypass on macOS

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

Hacker claims to be selling Twitter data of 400 million users

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Raspberry Robin Malware Targets Telecom, Governments

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Notice of Recent Security Incident

New Ransomware Strains Emerging from Leaked Conti’s Source Code

EXCLUSIVE: TikTok Spied On Forbes Journalists

Meddler-in-the-Middle Phishing Attacks Explained MitM

Stolen certificates in two waves of ransomware and wiper attacks

New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Guardian hit by serious IT incident believed to be ransomware attack

Okta's source code stolen after GitHub repositories hacked

2022: A Look Back On A Year Of Mass Exploitation

SentinelSneak: Malicious PyPI module poses as security software development kit

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites

Support King, banned by FTC, linked to new phone spying operation

Google ads lead to fake software pages pushing IcedID (Bokbot)

How ChatGPT can turn anyone into a ransomware and malware threat actor

Global crackdown against DDoS services shuts down most popular platforms

Très courtisées, les sociétés suisses de cybersécurité s’arrachent

Microsoft-signed malicious Windows drivers used in ransomware attacks

A Custom Python Backdoor for VMWare ESXi Servers

Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones

Mallox Ransomware showing signs of Increased Activity

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update

Check Point Research analyzes files on the Dark Web and finds millions of records available

Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research

Scammers Are Scamming Other Scammers Out of Millions of Dollars

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Apple announces 3 new security features

Cisco discloses high-severity IP phone zero-day with exploit code

Pilfered Keys Free App Infected by Malware Steals Keychain Data

Cryptocurrency Scam - Pig Butchering

Pulse Connect Secure: A View from the Internet

Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded $8.7m in damages

Hitching a ride with Mustang Panda

New MuddyWater Threat: Old Kitten; New Tricks

Apple rolls out end-to-end encryption for iCloud backups

Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets

Leaked: The Altrnativ world of cybersurveillance

Top 10 macOS Malware Discoveries in 2022

Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities

Vice Society: Profiling a Persistent Threat to the Education Sector

Le renseignement espagnol muet sur le scandale du logiciel espion Pegasus

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

Winbiz change d’hébergeur: des milliers de clients toujours sans accès à leur comptabilité | ICTjournal

Blowing Cobalt Strike Out of the Water With Memory Analysis

Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Post-quantum cryptography: What is Emmanuel Macron talking about?

Purpose Built Proxy Services and the Malicious Activity They Enable

CVE-2022-21661: Exposing Database Info via WordPress SQL Injection

Connected medical devices are the Achilles' heel of healthcare orgs - Help Net Security

Schoolyard Bully Trojan Facebook Credential Stealer - Zimperium

En matière de transparence, communes et cantons sont à la traîne

Yvelines : cyberattaque contre l'hôpital André Mignot du centre hospitalier de Versailles

Preparing for a Russian cyber offensive against Ukraine this winter

Darknet markets generate millions in revenue selling stolen personal data

Fuite de données sensibles au Département de la justice à Zurich

La cybersécurité disposera de son propre office fédéral en Suisse

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Samsung, LG, Mediatek certificates compromised to sign Android malware

Google Online Security Blog: Memory Safe Languages in Android 13

Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)

Lastpass says hackers accessed customer data in new breach

LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling

Play, ce nouveau ransomware utilisé contre les Alpes-Maritimes et ITS Group

Libye: la mise en examen de la société française Amesys et l'inculpation de deux cadres, confirmées en appel

U.S. bans sale and import of some tech from Chinese companies Huawei and ZTE

Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms

Google pushes emergency Chrome update to fix 8th zero-day in 2022

Ransomware Roundup: Cryptonite Ransomware

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Des dizaines de milliers d'entreprises victimes indirectes d'une cyberattaque

Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US

Nokia warns 5G security ‘breaches are the rule, not the exception’

Android SharkBot Droppers on Google Play Underline Platform's Security Needs

Why would you want to hack Electric Vehicle Charging Stations?

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

Over 2 million users Affected with Browser Hijackers

Aurora: a rising stealer flying under the radar

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

Le ministre de l'Éducation nationale ne veut pas de Microsoft Office 365 ni de Google Workspace

Endurance Ransomware Claims Breach of US Federal Government

Vanuatu: Hackers strand Pacific island government for over a week

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

Exploit released for actively abused ProxyNotShell Exchange bug

Making Cobalt Strike harder for threat actors to abuse

Wi-Spy

Technical Analysis of the RedLine Stealer

AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns

Michigan school districts reopen after three-day closure due to ransomware attack

A Comprehensive Look at Emotet’s Fall 2022 Return

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security

Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company

New RapperBot Campaign – We Know What You Bruting for this Time

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability

BumbleBee Zeros in on Meterpreter

Apple Hit With Class Action Alleging It Tracks Users Despite Privacy Assurances

LockBit ransomware suspect nabbed in Canada, faces charges in the US

Compromising Plesk via its REST API

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

PNG Steganography Hides Backdoor

Massive ois[.]is Black Hat Redirect Malware Campaign

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

Attacking Apple's Neural Engine

Prigozhin interests and Russian information operations

Mysterious company with government ties plays key internet role

Microsoft fixes many zero-days under attack

The Case of Cloud9 Chrome Botnet

A cyberattack blocked the trains in Denmark

Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression

Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup

Inside the global hack-for-hire industry

Crime group hijacks hundreds of US news websites to push malware

Last Week on My Mac: Home truths about macOS

Department for Education warned after gambling companies benefit from learning records database

How Qatar hacked the World Cup

Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious

Microsoft ties Vice Society hackers to additional ransomware strains

Crimson Kingsnake: BEC Group Impersonates…

Exploiting Static Site Generators: When Static Is Not Actually Static

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

Malware on the Google Play store leads to harmful phishing sites

Malicious App Developer Remains on Google Play

U.S. banks processed about $1.2 billion in ransomware payments in 2021

Nothing PUNY About OpenSSL (CVE-2022-3602)

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

New Azov data wiper tries to frame researchers and BleepingComputer

Unmasking WindTape - Speaker Deck

How we handled a recent phishing incident that targeted Dropbox

Dormant Colors browser hijackers could be used for more nefarious tasks, report says

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow | WIRED

Inside TheTruthSpy, the stalkerware network spying on thousands • TechCrunch

What is ransomware-as-a-service and how is it evolving?

Incident Report: Employee and Customer Account Compromise

SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections

Stranger Strings: An exploitable flaw in SQLite

Advisory: Atlassian Jira Align Application, Version… | Bishop Fox

Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries

TommyLeaks and SchoolBoys: Two sides of the same ransomware gang

“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed

Intelligence Insights: October 2022

Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability

Operation Jackal: Interpol arrests Black Axe fraud suspects

Mairies : les pirates du groupe CUBA vident deux mairies françaises de leurs contenus

Exploited Windows zero-day lets JavaScript files bypass security warnings

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

Reverse Engineering the Apple MultiPeer Connectivity Framework

How Vice Society got away with a global ransomware spree | Ars Technica

Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not

Archive Sidestepping: Emotet Botnet Pushing Self-Unlocking Password-Protected RAR

From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

Grâce à une fausse enceinte Bluetooth JBL, ils réussissaient à voler des voitures

Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style

TeamTNT Returns – or Does It?

Nouvelle cyberattaque contre le Réseau pédagogique neuchâtelois

Cyberattaque : comment Caen a évité le pire grâce à l’EDR d’HarfangLab

SafeBreach Uncovers Fully Undetectable Powershell Backdoor

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

Cyble Phishing ERMAC Android Malware Increasingly Active

Ransom Cartel Ransomware: A Possible Connection With REvil

BianLian Ransomware Encrypts Files in the Blink of an Eye

New “Prestige” ransomware impacts organizations in Ukraine and Poland

Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

Software Delivery Shield protects the software supply chain

Threat Alert: Private npm Packages Disclosed via Timing Attacks

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

POLONIUM targets Israel with Creepy malware

Malicious WhatsApp mod distributed through legitimate apps

Ransomware : qui paie et pourquoi ?

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

New US Executive Order unlikely to satisfy EU law

Fake Ransomware Infection Under widespread

Intel Confirms Alder Lake BIOS Source Code Leak

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year

On Agent Compromise in the Field

Hackers release data after LAUSD refuses to pay ransom

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

CVE-2022-41352

Man arrested for alleged data breach SMS scam

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

PHP Supply Chain Attack on Composer

Bumblebee: increasing its capacity and evolving its TTPs

Malicious Tor Browser spreads through YouTube

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

DeftTorero TTPs in 2019–2021

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

Ukraine warns of 'massive cyberattacks' coming from Russia on critical infrastructure sites

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

Chaos is a Go-based Swiss army knife of malware

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

ZINC weaponizing open-source software

Lindy Cameron at Chatham House security and defence conference 2022

BumbleBee: Round Two

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto

Slack’s and Teams’ Lax App Security Raises Alarms

Poseidon’s Offspring: Charybdis and Scylla

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

GRU: Rise of the (Telegram) MinIOns

BitBucket Server and Data Center at risk via Command Injection Vulnerability

Resolved RCE in Sophos Firewall (CVE-2022-3236)

New Malware Campaign Targets Zoom Users

2K Games' Support System Hacked

Unpatched 15-year old Python bug allows code execution in 350k projects

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Malicious OAuth applications abuse cloud email services to spread spam

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Apple security landscape: Moving into the world of enterprise risk

Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

Los Angeles School District Hit by Ransomware Attack

Online Attack Disrupts Michigan School District for 2nd Day

LockBit ransomware builder leaked online by “angry developer”

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

Threat Alert: New Malware in the Cloud By TeamTNT

Chromium Blog: Announcing the Launch of the Chrome Root Program

Affaire Pegasus: l'Union européenne se penche sur le dossier suisse - rts.ch - Monde

Six months into Breached: The legacy of RaidForums?

Incoscienti e sfacciati: le tecniche dei teenager che violano aziende

Revolut hack exposes data of 50,000 users, fuels new phishing wave

Credential Gathering From Third-Party Software

Malvertising on Microsoft Edge's News Feed pushes tech support scams

Ermittlungserfolg gegen Ransomware-Gruppierung

GTA 6 gameplay leaks online in 90 videos

Security update

Iran’s cyberwar goes global

Webworm: Espionage Attackers Testing and Using Older Modified RATs

RedLine spreads through ads for cheats and cracks on YouTube

Undermining Microsoft Teams Security by Mining Tokens

How Human Traffickers Force Victims Into Cyberscamming

Charming Kitten: “Can We Have A Meeting?”

Breach of software maker used to backdoor as many as 200,000 servers

New Wave of Espionage Activity Targets Asian Governments

Bumblebee Returns with New Infection Technique

Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing

Dead or Alive? An Emotet Story

The Curious Case of “Monti” Ransomware: A Real-World Doppelganger

Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police

Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations

Corte dei conti e l'hacker che ha violato account WhatsApp

Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers

Documentos portugueses da NATO apanhados à venda na darkweb

Microsoft investigates Iranian attacks against the Albanian government

Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection

L'Albanie accuse l'Iran d'une cyberattaque qui a paralysé ses services publics

Conti vs. Monti: A Reinvention or Just a Simple Rebranding?

Centre hospitalier Sud-Francilien : ce que dit l’autopsie de la cyberattaque

PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin

MagicRAT: Lazarus’ latest gateway into victim networks

Shikitega - New stealthy malware targeting Linux

Mirai Variant MooBot Targeting D-Link Devices

QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign

SafeBreach Uncovers New Remote Access Trojan (RAT)

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

Sharkbot is back in Google Play

Stealing Clouds

Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Tech tool offers police ‘mass surveillance on a budget’

Researchers found one-click exploits in Discord and Teams

Traffers: a deep dive into the information stealer ecosystem

Cette entreprise vend des données aussi sensibles que des visites dans des centres IVG - Numerama

FTC says data broker sold consumers’ precise geolocation, including presence at sensitive healthcare facilities

EU and Greece veer toward standoff over wiretapping scandal – POLITICO

5G Networks Are Worryingly Hackable

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Revealing Europe's NSO

An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware

Linux Kernel Exploit (CVE-2022-32250) with mqueue

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python

Vulnerability in Linux containers – investigation and mitigation

THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control

Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads

Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage

CVE-2022-27925

Google And Cloudflare Are Changing The Trust Infrastructure of the Internet: A Long Goodbye to RSA and a Hello to ECC and ECDSA

New macOS malware 'CloudMensis' detected and prevented

Overview of the Cyber Weapons Used in the Ukraine

Reservations Requested: TA558 Targets Hospitality and Travel

Making Sense of the Killnet, Russia’s Favorite Hacktivists

Disrupting SEABORGIUM’s ongoing phishing operations

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

North Korean hackers use signed macOS malware to target IT job seekers

An inside view of domain anonymization as-a-service

The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch

Impact to DigitalOcean customers resulting from Mailchimp security incident

Ransomware Now Threatens the Global South

Zoom’s latest update on Mac includes a fix for a dangerous security flaw

NHS IT supplier held to ransom by hackers

Cisco confirms May attack by Yanluowang ransomware group

Phishers who breached Twilio and targeted Cloudflare could easily get you, too

Hands-on with Lockdown Mode in iOS 16

You're M̶u̶t̶e̶d̶ Rooted

Palo Alto bug used for DDoS attacks and there's no fix yet

The Hacking of Starlink Terminals Has Begun

CISA warns of Windows and UnRAR flaws exploited in the wild

Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco

So RapperBot, What Ya Bruting For?

Greek intelligence service admits spying on journalist

Last Week on My Mac: Is your Mac still secure from malware?

Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns

Woody RAT: A new feature-rich malware spotted in the wild

A Detailed Analysis of the RedLine Stealer

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Raccoon Stealer v2: The Latest Generation of the Raccoon Family

Investigation report about the abuse of the Mac Appstore | by Privacy1St

A Cyberattack Illuminates the Shaky State of Student Privacy

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Microsoft links Raspberry Robin malware to Evil Corp attacks

IPFS: The New Hotbed of Phishing

SEKOIA.IO Mid-2022 Ransomware Threat Landscape

LockBit Implements New Technique by Leaking Victim Negotiations

LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

Justice Department seizes $500K from North Korean hackers who targeted US medical organizations

8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts

Kaspersky report on Luna and Black Basta ransomware

Exclusive: U.S. probes China's Huawei over equipment near missile silos

[CVE-2022-34918] A crack in the Linux firewall

Google ads lead to major malvertising campaign

Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware

China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors

I see what you did there: A look at the CloudMensis macOS spyware

Pegasus used to spy on protesters, a popular actress, and dozens more in Thailand, report shows

Busting browser fails: What attackers see when they hack your employees’ browser

Joker, Facestealer and Coper banking malwares on Google Play store

How I Hacked my Car Guides: Creating Custom Firmware

CVE-2022-30333

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)

Google Play hides app permissions in favor of developer-written descriptions

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

Ongoing phishing campaign can hack you even when you’re protected with MFA

European Central Bank head targeted in hacking attempt

Vice Society: a discreet but steady double extortion ransomware group

Why organizations should (and should not) worry about…

The US military wants to understand the most important software on Earth

A New Attack Can Unmask Anonymous Users on Any Major Browser

En Suisse, les Tesla filmant en permanence posent de gros problèmes

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog

Europe’s PegasusGate: Countering spyware abuse

Russia, Killnet ha dichiarato guerra ai paesi che sostengono l'Ucraina

Verified Twitter accounts phished via hate speech warnings

Predatory Sparrow: Who are the hackers who say they started a fire in Iran?

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices

Identifier les détenteurs de véhicules peut être dangereux, en Suisse comme aux Etats-Unis

The Danger of License Plate Readers in Post-Roe America | WIRED

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents

Google Let Sberbank-Owned RuTarget Harvest User Data for Months

Il malware EnvyScout (APT29) è stato veicolato anche in Italia

This Is the Code the FBI Used to Wiretap the World

Cybersecurity experts question Microsoft's Ukraine report

After invasion of Ukraine, a reckoning on Russian influence in Austria

China Police Database Was Left Open Online for Over a Year, Enabling Leak

How a fake job offer took down the world’s most popular crypto game

Why the Equation Group (EQGRP) is NOT the NSA | xorl %eax, %eax

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

Mykhailo Fedorov, de l’ombre à la cyberguerre

Dutch university wins big after Bitcoin ransom returned

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

Ransomware review: June 2022

Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’

Flubot: the evolution of a notorious Android Banking Malware

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks

Facing reality? Law enforcement and the challenge of deepfakes

FBI warns hackers are using deepfakes to apply for jobs

Unrar Path Traversal Vulnerability affects Zimbra Mail

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

LockBit 3.0 introduces the first ransomware bug bounty program

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

Python packages upload your AWS keys, env vars, secrets to the web

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families

From NtObjectManager to PetitPotam

Conti ransomware finally shuts down data leak, negotiation sites

NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report

7-zip now supports Windows ‘Mark-of-the-Web’ security feature

Raspberry Robin gets the worm early

The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP

The curious tale of a fake Carrier.app

Spyware vendor targets users in Italy and Kazakhstan

APT ToddyCat

Defending Ukraine: Early Lessons from the Cyber War

Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.’

How Russia’s vaunted cyber capabilities were frustrated in Ukraine

Council conclusions on a Framework for a coordinated EU response to hybrid campaigns

Nothing Has Changed: Website Retailers Selling Domains Meant for Illicit Goods and Services, Digital Citizens Alliance Investigation Finds

The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis

FBI says fraud on LinkedIn a 'significant threat' to platform and consumers

Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine

Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack

BRATA is evolving into an Advanced Persistent Threat

Lookout Découverte d'un logiciel espion Android déployé au Kazakhstan

What It Means that the U.S. Is Conducting Offensive Cyber Operations Against Russia

Last Week on My Mac: Introducing XProtect Remediator, successor to MRT – The Eclectic Light Company

Analysis of dark web posts selling access to corporate networks

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

Police Linked to Hacking Campaign to Frame Indian Activists

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Vulnerability discovered in Apple M1 chip

SeaFlower 藏海花 A backdoor targeting iOS web3 wallets

Lyceum .NET DNS Backdoor

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

Ucraina, oltre 100 attacchi cyber della guerra hanno avuto impatti in Europa

Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat

EXCLUSIVE: U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week

Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)

DOJ, FBI shut down marketplace for stolen Social Security numbers - The Record by Recorded Future

Russian Cyberattack Hits Wales-Ukraine Football Broadcast

SVCReady: A New Loader Gets Ready

Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks

Smartphones Blur the Line Between Civilian and Combatant

TrustPid is another worrying, imperfect attempt to replace tracking cookies

Horde Webmail - Remote Code Execution via Email

Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group

Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data

Deadly secret: Electronic warfare shapes Russia-Ukraine war

Zero-Day Exploitation of Atlassian Confluence

Apple has pushed a silent Mac update to remove hidden Zoom web server

Cyberattaques: «Il s'agit davantage de terrorisme que de crime organisé»

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command

Android FluBot enters Switzerland – SWITCH Security-Blog

Takedown of SMS-based FluBot spyware infecting Android phones

XLoader Botnet: Find Me If You Can

Pegasus, il Parlamento europeo vuole chiarezza. Gli Stati Ue no

ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted

Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior

Des chercheurs reprogramment un AirTag et pointent quelques trous dans la raquette d'Apple

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices

Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?

Exclusive: Russian hackers are linked to new Brexit leak website, Google says

Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes

Anonymous Declares Cyber War Against Pro-Russia Hacker Group Killnet

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog

Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Protecting Android users from 0-Day attacks

The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine

Canada bans Huawei and ZTE from 5G networks over security concerns

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Fears grow for smaller nations after ransomware attack on Costa Rica escalates

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

Exploiting an Unbounded memcpy in Parallels Desktop

KillNet: Pro-Russian Hacktivists.

Killnet Cyber Attacks Against Italy and NATO Countries

New 'Smart' Cheese Rinds Help Fight Parmesan Fraud

Data Marketplace Selling Info About Who Uses Period Tracking Apps

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

Researchers devise iPhone malware that runs even when device is turned off

La vulnérabilité PetitPotam persiste malgré le patch tuesday

Eternity, poche centinaia di dollari per un ransomware o un malware per furto dati

Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds

Web ad firms scrape email addresses before you know it

US links Thanos and Jigsaw ransomware to 55-year-old doctor

A closer look at Eternity Malware

macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)

EU lands new law to fight off hackers in critical sectors

The Linux Foundation and Open Source Software Security Foundation (OpenSSF) Gather Industry and Government Leaders for Open Source Software Security Summit II

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Patch tuesday mai 2022 : 74 failles corrigées dont 1 exploitée

CVE-2022-26925 : Patchez vos machines Windows sans attendre

Russia hacked an American satellite company one hour before the Ukraine invasion

npm Supply Chain Attack Targeting Germany-Based Companies

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Costa Rica declares national emergency after Conti ransomware attacks

L’Europe de la cyberdéfense

Dissecting Saintstealer

Russian TVs, search engines hacked on Victory Day with antiwar message

Apple, Google, and Microsoft commit to expanded support for FIDO standard

Vulnerability Analysis - CVE-2022-1388

From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win

MacOS Two-machine Kernel Debugging

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins

How Data Brokers Sell Access to the Backbone of the Internet

Update on cyber activity in Eastern Europe

Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk

UNC3524: Eye Spy on Your Email

Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages

Spanish prime minister’s phone ‘targeted with Pegasus spyware’

Russia’s cyber warfare against Ukraine more nuanced than expected

Russian troops in Melitopol plunder $5M farm vehicles from Ukraine -- to find they've been remotely disabled

How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems

What does APT Activity Look Like on MacOS?

Jamf Threat Labs identifies Safari vulnerability (CVE-2022-22616) allowing for Gatekeeper bypass

Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Kaspersky DDoS report, Q1 2022

Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before

LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

CVE-2022-21449: Psychic Signatures in Java

The More You Know, The More You Know You Don’t Know

Pegasus spyware found on 5 French cabinet members' phones

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

Increased Enterprise Use of iOS, Mac Means More Malware

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

Microsoft Zero-Days, Wormable Bugs Spark Concern

Russia’s Sandworm hackers attempted a third blackout in Ukraine

RaidForums hacking forum seized by police, owner arrested

Git security vulnerability announced

The U.S. is using declassified intel to fight an info war with Russia, even when the intel isn't rock solid

Industroyer2: Industroyer reloaded

CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

Spionaggio cyber alla Commissione europea

Police Records Show Women Are Being Stalked With Apple AirTags Across the Country

FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate

DoS attacks hit Finnish websites during Zelenskyy address • The Register

Svizzera, covo di spie russe

AcidRain | A Modem Wiper Rains Down on Europe

U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks - The New York Times

Chinese hackers abuse VLC Media Player to launch malware loader

MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639

Hackers breach MailChimp's internal tools to target crypto customers

Explaining Spring4Shell: The Internet security disaster that wasn’t

Faille Spring4shell, encore un cauchemar pour les entreprises

En Russie, des informations sur la police secrète fuitent à cause d'une appli de livraison

Lapsus$: Two UK teenagers charged with hacking for gang

Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more - The Mac Security Blog

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

QNAP warns severe OpenSSL bug affects most of its NAS devices

Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre

Sophos patches critical remote code execution vulnerability in Firewall

When Nokia Pulled Out of Russia, a Vast Surveillance System Remained

Fake sites stealing Steam credentials

Chrome Releases: Stable Channel Update for Desktop

Behold, a password phishing site that can trick even savvy users

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS

Lapsus$: when kiddies play in the big league

Piratage Okta : 375 des clients concernés par l'attaque de Lapsus$

Updated Okta Statement on LAPSUS$

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

Anonymous Takes Anti-Putin Battle To Russian People With Printer Attack To Disrupt Kremlin's Propaganda

Lapsus$ hackers leak 37GB of Microsoft's alleged source code

Piratage d'Okta : l'entreprise admet enquêter, LAPSUS$ revendique

Protestware : l’open source n’échappe pas au conflit russo-ukrainien

Activists are targeting Russians with open-source "protestware"

Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers

Exposing initial access broker with ties to Conti

Gas Is Too Expensive; Let’s Make It Cheap!

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica

OpenSSL plombé par une importante faille de sécurité

L’Ukraine reconnaît « une énorme perte de communication » après la cyberattaque contre le satellite KA-SAT

PROPHET SPIDER Exploits Citrix ShareFile

Cyber-attaques en Suisse sur des particuliers? «On ne peut rien exclure»

Raccoon Stealer: “Trash panda” abuses Telegram

Cyber Security Incident Pushes Ubisoft to Issue Internal Password Reset

Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters

Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices

EU and UK launch antitrust investigation into Google and Meta’s adtech dealings - The Verge

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

Guerre en Ukraine : les utilisateurs du réseau satellitaire Viasat victimes d’une cyberattaque

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says

China-backed APT41 compromised ‘at least’ six US state governments

An update on the threat landscape

Samsung confirms hackers stole Galaxy devices source code

Hackers leak 190GB of alleged Samsung data, source code

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Malware now using stolen NVIDIA code signing certificates

Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)

New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?

Scam E-Mail Impersonating Red CrossScam E-Mail Impersonating Red Cross

Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement

L'Anssi sème le doute sur l'usage des solutions Kaspersky

Cyber Realism in a Time of War

Phishing attacks target countries aiding Ukrainian refugees

Toyota suspends domestic factory operations after suspected cyber attack

Ukrainian cyber resistance group targets Russian power grid, railways

Face à un incident de cybersécurité, Nvidia soupçonné d'avoir répliqué - ZDNet

Nvidia Confirms Company Data Was Stolen in Hack

IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine

Cybersécurité : l’Union européenne va aider l’Ukraine face à la Russie

Ukrainian Researcher Leaks Conti Ransomware Gang Data

Cyberattaque contre l’Université de Neuchâtel: des données volées publiées sur le darkweb (update)

The Next Web

Crypto Donations to Ukraine Jumps to $20M

Chinese Cybersecurity Company Doxes Apparent NSA Hacking Operation

Google follows YouTube in cutting off ad revenue to Russian state media

2022 Russia-Ukraine war — Cyber group tracker

STORMOUS ransomware si schiera senza dirlo, contro l'Ucraina - (in)sicurezza digitale

Twitter and Facebook restricted in Russia amid conflict with Ukraine

Facebook, Twitter remove disinformation accounts targeting Ukrainians

Ukraine border control hit with wiper cyberattack, slowing refugee crossing

Anonymous: the hacker collective that has declared cyberwar on Russia | Ukraine

Nvidia allegedly hacked its hackers, stole its data back

Ukraine takes the resistance to cyberspace, assembling an “IT army” to hack sites from Russia and its allies, calls on tech leaders to get involved

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store

Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict

US microchip powerhouse Nvidia hit by cyber attack

Conti ransomware group announces support of Russia, threatens retaliatory attacks

Attacchi informatici, c'è un nuovo malware di uno dei più importanti gruppi di cybercriminali russi

TrickBot malware operation shuts down, devs move to BazarBackdoor

Ukraine links phishing targeting military to Belarusian hackers

Aquarium Leaks. Inside the GRU’s Psychological Warfare Program

Ukraine: Disk-wiping Attacks Precede Russian Invasion

EXCLUSIVE Ukraine calls on hacker underground to defend against Russia

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

New data-wiping malware used in destructive attacks on Ukraine

The Bvp47 - a Top-tier Backdoor of US NSA Equation Group

Find You: Building a stealth AirTag clone | Positive Security

Un ex-officier de la CIA sur l’Ukraine: «Jamais les Etats-Unis n’ont divulgué autant d’informations sensibles et aussi vite»

Chinese cyber-attackers 'targeted Taiwanese financial firms'

Horde Webmail 5.2.22 - Account Takeover via Email

Behind the stalkerware network spilling the private phone data of hundreds of thousands

The US is unmasking Russian hackers faster than ever

Comment le leader mondial des data centers a contré l’attaque par rançongiciel de NetWalker

Risque de cybersécurité – RUAG doit être plus vigilante sur ses données sensibles

Une faille vulnérabilise le gestionnaire de paquets Snap pour Linux

Cosa sappiamo di sLoad e perchè è così elusivo? –

Pegasus spyware scandal uncovered by fake image file on an iPhone

Who Is Behind QAnon? Linguistic Detectives Find Fingerprints

Cyberattack targets Vodafone Portugal, disrupts services

‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them

Une cyberattaque met à genou l’Université de Neuchâtel

Kazakhstan's Internet Shutdowns Could Be a Warning for Ukraine

VMware Horizon servers are under active exploit by Iranian state hackers

The Elite Hackers of the FSB

Passware parvient à trouver le mot de passe des Mac T2 par force brute

Twitter cans 2FA service provider over surveillance claims

Red Cross traces hack back to unpatched Zoho vulnerability

Assurances cyber : vers une « jurisprudence NotPetya » ?

Merck’s $1.4 Billion Insurance Win Splits Cyber From ‘Act of War’

Chrome Zero-Day Under Active Attack: Patch ASAP | Threatpost

New Emotet Infection Method

Russian hackers have obtained sensitive defense information technology by targeting US contractors, according to CISA

Meta to Pay $90 Million to Settle Facebook Data Privacy Lawsuit

Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica

Cyber-attack on ICRC: What we know

Vaud – Etudiant débouté en raison de son inactivité en ligne

Cyberattack takes Ukraine military, bank websites offline

Apple's AirTag uncovers a secret German intelligence agency

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

Linux-Targeted Malware Increases by 35% in 2021

EDPS Preliminary Remarks on Modern Spyware

KlaySwap crypto users lose funds after BGP hijack

Twitter Tells U.S. Senator It’s Cutting Ties to Swiss Tech Firm

Twitter, Google, WhatsApp, Telegram... pourquoi la double authentification n'est finalement pas si sécurisée

De nombreuses sociétés suisses touchées par le piratage affectant le monde des télécoms

Charting TA2541's Flight

Minaccia Malware prende di mira il settore dell'aviazione e dell'industria aerospaziale

Dropping Files on a Domain Controller Using CVE-2021-43893

PrivateLoader to Anubis Loader. By: Jason Reaves and Joshua Platt

PrivateLoader: The first step in many malware schemes

Safari Flaws Exposed Webcams, Online Accounts, and More

Webcam Hacking (again) - Safari UXSS

Objective-See's Blog

Analyzing a watering hole campaign using macOS exploits

Watering hole deploys new macOS malware, DazzleSpy, in Asia

SysJoker : un malware pour macOS, Windows et Linux qui opère discrètement depuis des mois

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

New SysJoker Backdoor Targets Windows, Linux, and macOS

SysJoker analyzing the first (macOS) malware of 2022!

Google Docs Comment Exploit Allows for Distribution of Phishing and Malware

Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk

iPhone flaw exploited by second Israeli spy firm-sources

Israelis didn’t care about NSO and Pegasus – until this scandal

Le piratage d'une société américaine a des conséquences en Suisse

Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution

Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review

ModifiedElephant APT and a Decade of Fabricating Evidence

Swisscom, Sunrise et Salt touchés par un piratage aux Etats-Unis

North Korea Hacked Him. So He Took Down Its Internet

I Used Apple AirTags, Tiles and a GPS Tracker to Watch My Husband’s Every Move - The New York Times

Emsisoft Decryptor for Maze / Sekhmet / Egregor - Emsisoft: Free Ransomware Decryption Tools

[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code

Decryptor released for Maze, Egregor, and Sekhmet ransomware strains | ZDNet

Exposed documents reveal how the powerful clean up their digital past using a reputation laundering firm

Les 200 mots de passe les plus populaires en 2021

Why is the Zoom app listening on my microphone...

Who Needs to Exploit Vulnerabilities When You Have Macros?

Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Helping users stay safe: Blocking internet macros by default in Office

A walk through Project Zero metrics

Mettez à jour iOS ! WebKit contient une vulnérabilité dangereuse

Nouvelle version de Safari 15.3 sur Big Sur et Catalina pour combler une faille importante | MacGeneration