Recherche : [EN] - Cyberveille

Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack

21/06/2022 08:50:54

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by a researcher known as m00nbsd and patched in

BRATA is evolving into an Advanced Persistent Threat https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat?s=09

20/06/2022 08:49:35

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

What It Means that the U.S. Is Conducting Offensive Cyber Operations Against Russia https://zetter.substack.com/p/what-it-means-that-the-us-is-conducting

18/06/2022 10:38:58

Gen. Paul Nakasone's remarks this month about offensive operations against Russia caused a stir. But have people misinterpreted his words?

Phishing tactics: how a threat actor stole 1M credentials in 4 months https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/

17/06/2022 10:50:59

It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

Last Week on My Mac: Introducing XProtect Remediator, successor to MRT – The Eclectic Light Company https://eclecticlight.co/2022/06/12/last-week-on-my-mac-introducing-xprotect-remediator-successor-to-mrt/

17/06/2022 08:43:06

MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.

Analysis of dark web posts selling access to corporate networks https://securelist.com/initial-access-data-price-on-the-dark-web/106740/

17/06/2022 07:11:54

Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack)

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/

17/06/2022 07:11:21

Attacker targets bugs in a popular web application graphical interface development tool.

Password policies of most top websites fail to follow best practices https://passwordpolicies.cs.princeton.edu/

17/06/2022 07:07:02

We examined the password policies of 120 of the most popular English-language websites in the world.

Police Linked to Hacking Campaign to Frame Indian Activists https://www.wired.com/story/modified-elephant-planted-evidence-hacking-police/

16/06/2022 21:36:26

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/

15/06/2022 18:18:08

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

Ransomware Group Debuts Searchable Victim Data https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/

15/06/2022 11:45:04

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group,…

Cloudflare mitigates 26 million request per second DDoS attack https://blog.cloudflare.com/26m-rps-ddos/

15/06/2022 06:54:58

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/

15/06/2022 06:54:19

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/

14/06/2022 09:44:10

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

Vulnerability discovered in Apple M1 chip https://www.theregister.com/2022/06/10/apple_m1_pacman_flaw/

13/06/2022 19:17:10

MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication

SeaFlower 藏海花 A backdoor targeting iOS web3 wallets https://objective-see.org/blog/blog_0x6F.html

13/06/2022 15:45:33

Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it.

The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces.

SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.

Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera https://sec-consult.com/vulnerability-lab/advisory/infiray-iray-thermal-camera-multiple-vulnerabilities/

13/06/2022 12:04:37

The IRAY A8Z3 thermal camera for industrial application, manufactured by Infiray/IRay Technologies is affected by multiple vulnerabilities.

Lyceum .NET DNS Backdoor https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor

13/06/2022 11:40:06

The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dridex-trickbot-and-emotet-to-become-dominant-email-threat/

13/06/2022 11:36:11

Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.

Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat https://www.intezer.com/blog/research/new-linux-threat-symbiote/

10/06/2022 08:19:14

Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.

Liens par page

Filtres