Cyberveille, curated by Decio
page 198 / 215
4283 results tagged EN
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
07/07/2022 07:30:53

Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.

unit42 EN 2022 BruteRatelC4 CobaltStrike redteam APT BRc4 C2 malware
Heap memory corruption with RSA private key operation (CVE-2022-2274) https://www.openssl.org/news/secadv/20220705.txt
06/07/2022 21:42:49

Severity: High

The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.

CVE-2022-2274 openssl RSA RCE EN 2022 memory-corruption bug
Iranian hackers leak info of over 300,000 Israelis from tourism sites https://m.jpost.com/israel-news/article-710973
04/07/2022 08:54:43

Iranian hacker group Sharp Boys obtained personal data from over 20 Israeli tourism sites.

jpost EN 2022 SharpBoys Israel Iran hack Privacy personal-data
Dutch university wins big after Bitcoin ransom returned https://m.dw.com/en/dutch-university-wins-big-after-bitcoin-ransom-returned/a-62337229?s=09
04/07/2022 08:41:19

Maastricht University has doubled its money thanks to a ransomware attack three years ago. The university plans to help struggling students with its new funds.

dw 2022 EN Bitcoin ransom returned Maastricht University
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs https://worthdoingbadly.com/coretrust/?s=09
03/07/2022 14:56:32

Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.

worthdoingbadly EN 2022 CVE-2022-26766 CVE-2022-26763 proof-of-concepts macOS iOS
Microsoft finds Raspberry Robin worm in hundreds of Windows networks https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/
03/07/2022 12:03:15

Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.

Bleepingcomputer EN 2022 Malware Microsoft Raspberry-Robin raspberryrobin USB Windows Worm Security Detection
Ransomware review: June 2022 https://blog.malwarebytes.com/threat-intelligence/2022/07/ransomware-review-june-2022/
03/07/2022 11:26:52

LockBit remained the most active threat in June, and “the costliest strain of ransomware ever documented” went dark while others surged.

malwarebytes en 2022 review june2022 threat ransomware rank
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’ https://www.bnnbloomberg.ca/mandiant-finds-possible-link-between-kremlin-pro-russian-hacktivists-1.1785468
03/07/2022 00:44:38

US officials and allies have warned about attacks from XakNet and related groups.

bnnbloomberg EN 2022 XakNet attacks Russia-Ukraine-war russia Kremlin Mandiant
Flubot: the evolution of a notorious Android Banking Malware https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/?s=09
01/07/2022 07:48:54

Flubot is an Android based malware that has been distributed in the past 1.5 years in
Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims.
Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services
in order to steal the victim’s credentials, by detecting when the official banking application
is open to show a fake web injection, a phishing website similar to the login form of the banking
application. An important part of the popularity of Flubot is due to the distribution
strategy used in its campaigns, since it has been using the infected devices to send
text messages, luring new victims into installing the malware from a fake website.
In this article we detail its development over time and recent developments regarding
its disappearance, including new features and distribution campaigns.

foxit EN 2022 Flubot Android Banking Malware evolution research
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact https://securelist.com/the-sessionmanager-iis-backdoor/106868/
30/06/2022 22:25:26

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

securelist EN 2022 APT Backdoor Malware Microsoft Exchange Targeted IIS-attacks Vulnerabilities GELSEMIUM
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
30/06/2022 09:44:20

Black Lotus Labs is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly NA and European networks of interest.

lumen EN 2022 SOHO Routers LAN ZuoRAT ruckus151021.py
Facing reality? Law enforcement and the challenge of deepfakes https://www.europol.europa.eu/publications-events/publications/facing-reality-law-enforcement-and-challenge-of-deepfakes#downloads
30/06/2022 08:56:30

‘Facing reality? Law enforcement and the challenge of deepfakes’ is the first report produced through the Observatory function of the Europol Innovation Lab. The Europol Innovation Lab’s Observatory function monitors technological developments that are relevant for law enforcement and reports on the risks, threats and opportunities of these emerging technologies. The report provides a detailed overview of the criminal use...

europol EN 2022 deepfakes report deepfakes law-enforcement
FBI warns hackers are using deepfakes to apply for jobs https://www.digitaltrends.com/computing/fbi-warns-hackers-are-using-deepfakes-to-apply-for-jobs/
30/06/2022 08:53:05

Hackers are stealing PII to apply for remote jobs and then using deepfakes to pass the interview.

digitaltrends EN 2022 deepfakes PII jobs interview FBI remote deepfake AI
Unrar Path Traversal Vulnerability affects Zimbra Mail https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
29/06/2022 21:15:52

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker to fully take over Zimbra instances via a flaw in unrar.

sonarsource Pathtraversal EN 2022 Zimbra flaw unrar CVE-2022-30333
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html
28/06/2022 20:50:49

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

trendmicro EN 2022 Conti Lockbit malware cyber-crime research cyber-threats endpoints ransomware articles news reports
LockBit 3.0 introduces the first ransomware bug bounty program https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
27/06/2022 21:09:08

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.

bleepingcomputer EN 2022 Bug-Bounty Extortion LockBit-3.0 Ransomware Zcash
The Untold Story of NotPetya, the Most Devastating Cyberattack in History https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
27/06/2022 20:10:06

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Wired EN 2018 russia ukraine NotPetya Cyberattack
Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
27/06/2022 09:21:55

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

sonatype EN 2022 supplychain Python stealer AWS keys packages loglib-modules pyg-modules pygrata pygrata-utils hkg-sol-utils
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs https://securelist.com/modern-ransomware-groups-ttps/106824/
27/06/2022 09:19:46

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

securelist EN 2022 TTP Cybercrime Malware-Technologies Ransomware Targeted-attacks TTPs deployment Tactics Techniques Procedures
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families https://unit42.paloaltonetworks.com/api-hammering-malware-families/
26/06/2022 13:26:06

Learn about the unique implementations of API Hammering malware samples and how to mitigate them.

unit42 API Hammering EN 2022 malware API-Hammering Zloader BazarLoader
4893 links