Cyberveille
curated by Decio
Diving Deeper into AI Package Hallucinations
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Large-Scale StrelaStealer Campaign in Early 2024
The iSOON Disclosure: Exploring the Integrated Operations Platform
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
The Architects of Evasion: a Crypters Threat Landscape
The Anatomy of an ALPHA SPIDER Ransomware Attack
NoName057(16) DDoSia project: 2024 updates and behavioural shifts
Scattered Spider laying new eggs
A first analysis of the i-Soon data leak
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Threat Intel Accelerates Detection & Response
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
New Go-based Malware Loader Discovered | Arctic Wolf
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
CVE-2023-27532
Analyzing DPRK's SpectralBlur
CVE-2023-46747: Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators
Objective-See's Blog
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
The Curious Case of Predatory Sparrow
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
CVE-2023-50164
Scanning Danger: Unmasking the Threats of Quishing
Star Blizzard increases sophistication and evasion in ongoing attacks
Cyber Threats affecting "International Geneva"
Into the Trash: Analyzing LitterDrifter
Understanding the Phobos affiliate structure and activity
C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers - SentinelOne
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Jamf Threat Labs Discovers Malware from BlueNoroff
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
CVE-2023-46604
CVE-2023-46747
GHOSTPULSE haunts victims using defense evasion bag o' tricks
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Triangulation: validators, post-compromise activity and modules | Securelist
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Disclosing the BLOODALCHEMY backdoor
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
Mirai Botnet's New Wave: hailBot, kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Compromised Microsoft Key: More Impactful Than We Thought
What's in a NoName? Researchers see a lone-wolf DDoS group
Exposing DuckTail
Adversary On The Defense: ANTIBOT.PW
#FuckStalkerware pt. 3 - ownspy got, well, owned
CVE-2023-36844 And Friends: RCE In Juniper Devices
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Unpacking the Threats Within: The Hidden Dangers of .zip Domains
Into the tank with Nitrogen
Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)
Unmasking the Meduza Stealer: Comprehensive Analysis & Countermeasures
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection
Clop Ransomware: History, Timeline, And Adversary Simulation
Malware Execution Method Using DNS TXT Record
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
The Phantom Menace: Brute Ratel remains rare and targeted
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
GobRAT malware written in Go language targeting Linux routers
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Akira Ransomware is “bringin’ 1988 back”
infosec company owned completely by 4chan user
New phishing-as-a-service tool “Greatness” already seen in the wild
The malware threat landscape: NodeStealer, DuckTail, and more
Magecart threat actor rolls out convincing modal forms
Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)
'RustBucket' malware targets macOS
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
in2al5d p3in4er is Almost Completely Undetectable
LockBit for Mac | How Real is the Risk of macOS Ransomware?
QBot banker delivered through business correspondence
Analyzing an arm64 mach-O version of LockBit
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Nokoyawa ransomware attacks with Windows zero-day
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
Cyble — Demystifying Money Message Ransomware
3CX Desktop App Compromised (CVE-2023-29059)
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
3CX VoIP Software Compromise & Supply Chain Threats
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Prometei botnet improves modules and exhibits new capabilities in recent updates
A Noteworthy Threat: How Cybercriminals are Abusing OneNote
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
Lumma Stealer targets YouTubers via Spear-phishing Email | by S2W | S2W BLOG | Feb, 2023 | Medium
PureCrypter targets government entities through Discord - Blog | Menlo Security
TA569: SocGholish and Beyond
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework
Havoc Across the Cyberspace
Investigating Intrusions From Intriguing Exploits
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Chinese PlugX Malware Hidden in Your USB Devices?
The Titan Stealer: Notorious Telegram Malware Campaign
Following the LNK metadata trail
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
Shc Linux Malware Installing CoinMiner
The Mac Malware of 2022 👾
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
New RisePro Stealer distributed by the prominent PrivateLoader
Shlayer Malware: Continued Use of Flash Updates
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Raspberry Robin Malware Targets Telecom, Governments
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
New Ransomware Strains Emerging from Leaked Conti’s Source Code
Meddler-in-the-Middle Phishing Attacks Explained MitM
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites
Mallox Ransomware showing signs of Increased Activity
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research
Hitching a ride with Mustang Panda
New MuddyWater Threat: Old Kitten; New Tricks
Blowing Cobalt Strike Out of the Water With Memory Analysis
Preparing for a Russian cyber offensive against Ukraine this winter
Aurora: a rising stealer flying under the radar
Technical Analysis of the RedLine Stealer
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
New RapperBot Campaign – We Know What You Bruting for this Time
BumbleBee Zeros in on Meterpreter
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
PNG Steganography Hides Backdoor
Massive ois[.]is Black Hat Redirect Malware Campaign
The Case of Cloud9 Chrome Botnet
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Reverse Engineering the Apple MultiPeer Connectivity Framework
Archive Sidestepping: Emotet Botnet Pushing Self-Unlocking Password-Protected RAR
Cyble Phishing ERMAC Android Malware Increasingly Active
New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
Fake Ransomware Infection Under widespread
Bumblebee: increasing its capacity and evolving its TTPs
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
GRU: Rise of the (Telegram) MinIOns
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Azure Cloud Shell Command Injection Stealing User’s Access Tokens
Threat Alert: New Malware in the Cloud By TeamTNT
Six months into Breached: The legacy of RaidForums?
Credential Gathering From Third-Party Software
Malvertising on Microsoft Edge's News Feed pushes tech support scams
Bumblebee Returns with New Infection Technique
Dead or Alive? An Emotet Story
Shikitega - New stealthy malware targeting Linux
Mirai Variant MooBot Targeting D-Link Devices
SafeBreach Uncovers New Remote Access Trojan (RAT)
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
CVE-2022-27925
Reservations Requested: TA558 Targets Hospitality and Travel
Making Sense of the Killnet, Russia’s Favorite Hacktivists
A Detailed Analysis of the RedLine Stealer
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
[CVE-2022-34918] A crack in the Linux firewall
Joker, Facestealer and Coper banking malwares on Google Play store
CVE-2022-30333
The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP
Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.’
BRATA is evolving into an Advanced Persistent Threat
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
A closer look at Eternity Malware
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages
AcidRain | A Modem Wiper Rains Down on Europe
Lapsus$: when kiddies play in the big league
An update on the threat landscape
Cyber Realism in a Time of War
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Cyber-attack on ICRC: What we know
Objective-See's Blog
SysJoker analyzing the first (macOS) malware of 2022!