Recherche : [EN] - Cyberveille

ChatGPT creates mutating malware that evades detection by EDR https://www.csoonline.com/article/3698516/chatgpt-creates-mutating-malware-that-evades-detection-by-edr.html

07/06/2023 19:56:49

A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Service Rents Email Addresses for Account Signups https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/

07/06/2023 12:57:56

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam…

Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica https://arstechnica.com/information-technology/2023/06/mass-exploitation-of-critical-moveit-flaw-is-ransacking-orgs-big-and-small/

07/06/2023 07:46:55

SQL injection attacks on MOVEit file-transfer service likely to get worse.

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-zero-day-exploitation-of-moveit-cve-2023-34362/

06/06/2023 19:42:58

On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.

GobRAT malware written in Go language targeting Linux routers https://blogs.jpcert.or.jp/en/2023/05/gobrat.html

05/06/2023 21:54:15

JPCERT/CC has confirmed attacks that infected routers in Japan with malware around February 2023. This blog article explains the details of the attack confirmed by JPCERT/CC and GobRAT malware, which was used in the attack. ### Attack flow up to...

How malicious extensions hide running arbitrary code https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code

05/06/2023 21:50:41

Eight malicious extensions still remain in Chrome Web Store. These use some interesting tricks to keep running arbitrary code despite restrictions of Manifest V3.

Hackers steal Swiss police and customs data https://www.swissinfo.ch/eng/politics/hackers-steal-swiss-police-and-customs-data/48563830

05/06/2023 21:47:54

Hackers have published data from the federal police and customs offices on the Darknet, after an attack on the servers of the host company.

Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast https://www.kyivpost.com/post/17912

05/06/2023 21:43:30

The voice, very similar to President Putin’s, also announced martial law, general mobilisation and the evacuation of civilians in three regions bordering Ukraine.

MOVEit hack: BBC, BA and Boots among cyber attack victims https://www.bbc.com/news/technology-65814104

05/06/2023 21:31:05

Staff at multiple organisations are warned of a payroll data breach after an IT supplier is hacked.

New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains

05/06/2023 09:00:06

Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/

04/06/2023 23:02:39

Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek https://www.securityweek.com/enzo-biochem-ransomware-attack-exposes-information-of-2-5m-individuals/

04/06/2023 22:38:10

Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack.

Bypassing SELinux with init_module https://seanpesce.blogspot.com/2023/05/bypassing-selinux-with-initmodule.html?m=1

04/06/2023 22:33:35

There are two Linux system calls for loading a kernel module - init_module and finit_module. By leveraging init_module, I bypassed a filesystem-based SELinux rule that prevented me from loading a kernel module through traditional means (e.g., insmod). I then disabled SELinux from kernel-space. Proof of concept code can be found on my GitHub.

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/

04/06/2023 22:30:35

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection https://www.bitdefender.com/blog/hotforsecurity/gravity-forms-wordpress-plugin-found-vulnerable-to-php-object-injection/

04/06/2023 14:05:54

Gravity Forms, a popular WordPress plugin, has been found vulnerable to
unauthenticated PHP Object Injection attacks.

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft

03/06/2023 18:10:00

Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica https://arstechnica.com/information-technology/2023/06/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware/

02/06/2023 13:27:34

"Operation Triangulation" stole mic recordings, photos, geolocation, and more.

Ask Fitis, the Bear: Real Crooks Sign Their Malware https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/

02/06/2023 09:34:44

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive…

A Matter of Triangulation. https://eugene.kaspersky.com/2023/06/01/a-matter-of-triangulation/

02/06/2023 09:08:34

Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution https://www.zerodayinitiative.com/blog/2023/5/31/cve-2023-24941-microsoft-network-file-system-remote-code-execution

01/06/2023 20:18:21

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis

Liens par page

Filtres