Recherche : [EN] - Cyberveille

Stealing Clouds https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/?ref=news.risky.biz

28/03/2024 10:08:24

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived

28/03/2024 10:06:21

Defendants Operated as Part of the APT31 Hacking Group in Support of China’s Ministry of State Security’s Transnational Repression, Economic Espionage and Foreign Intelligence Objectives

Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/

28/03/2024 09:02:01

Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phish ...

Thousands of servers hacked in ongoing attack targeting Ray AI framework https://arstechnica.com/security/2024/03/thousands-of-servers-hacked-in-ongoing-attack-targeting-ray-ai-framework/?comments=1&comments-page=1

28/03/2024 00:21:11

Researchers say it's the first known in-the-wild attack targeting AI workloads.

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques https://pwning.tech/nftables/

27/03/2024 22:51:32

A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.

Finland confirms APT31 hackers behind 2021 parliament breach https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/

27/03/2024 22:34:48

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.

Google: Spyware vendors behind 50% of zero-days exploited in 2023 https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/

27/03/2024 14:04:52

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

27/03/2024 09:56:52

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…

BlueSpy - Spying on Bluetooth conversations https://www.tarlogic.com/blog/bluespy-spying-on-bluetooth-conversations/

26/03/2024 15:58:35

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions https://thehackernews.com/2024/03/us-sanctions-3-cryptocurrency-exchanges.html

26/03/2024 10:14:15

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.

This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).

New ZenHammer memory attack impacts AMD Zen CPUs https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/

26/03/2024 10:03:09

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

Why X86 Needs To Die https://hackaday.com/2024/03/21/why-x86-needs-to-die/

26/03/2024 09:59:32

As I'm sure many of you know, x86 architecture has been around for quite some time. It has its roots in Intel's early 8086 processor, the first in the family. Indeed, even the original 8086 inherits a...

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms https://comsec.ethz.ch/research/dram/zenhammer/

26/03/2024 09:57:53

Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

26/03/2024 09:09:23

Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.

Deactivating Cortex XDR via repair function https://badoption.eu/blog/2024/03/23/cortex.html

26/03/2024 08:37:51

It is trivially possible to disable the Cortex EDR as a non-admin user by triggering a repair function. This is only working, if the Tamper Protection is not enforced! TL;DR; Trigger the repair via GUID Disrupt it when EDR is deactivated Done

Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html

25/03/2024 19:11:13

In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.

Over 170K users hit by poisoned Python package ruse https://www.theregister.com/2024/03/25/python_package_malware/

25/03/2024 19:08:21

Supply chain attack targeted GitHub community of Top.gg Discord server

New Go loader pushes Rhadamanthys stealer https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys

25/03/2024 18:53:17

A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.

APT29 Uses WINELOADER to Target German Political Parties | Mandiant https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties

25/03/2024 09:14:30

APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties.

China blocks use of Intel and AMD chips in government computers, FT reports https://www.reuters.com/world/china/china-blocks-use-intel-amd-chips-government-computers-ft-reports-2024-03-24/

25/03/2024 09:08:53

China has introduced guidelines to phase out U.S. microprocessors from Intel (INTC.O), opens new tab and AMD (AMD.O), opens new tab from government personal computers and servers, the Financial Times reported on Sunday.
The procurement guidance also seeks to sideline Microsoft's (MSFT.O), opens new tab Windows operating system and foreign-made database software in favour of domestic options, the report said.

Liens par page

Filtres