Cyberveille curated by Decio
page 61 / 215
4285 results tagged E*N
Reuters exposé of hack-for-hire world is back online after Indian court ruling https://www.reuters.com/world/india/reuters-expos-hack-for-hire-world-is-back-online-after-indian-court-ruling-2024-10-26/?user_email=9e19aa6ed986d20195d4113ba5a6a3e709c18e0549688aa9b20d5f2e8d0dec05&lctg=6596a37f125992f7eb0b5ac9
26/10/2024 21:50:13

Reuters News has restored to its website an investigation into mercenary hacking after a New Delhi court lifted a takedown order it issued last year.
The article, originally published on Nov. 16, 2023, and titled “How an Indian startup hacked the world,” detailed the origins and operations of a New Delhi-based cybersecurity firm called Appin. Reuters found that Appin grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians and wealthy elites around the globe.

reuters EN 2024 mercenary hacking India Appin rule hack-for-hire
New Windows Driver Signature bypass allows kernel rootkit installs https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
26/10/2024 19:05:48

Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems.

Privileges Computer Privilege Security Rootkit Elevation Escalation InfoSec Attack Bypass Downgrade Windows of
How Israel’s bulky pager fooled Hezbollah https://www.reuters.com/graphics/ISRAEL-PALESTINIANS/HEZBOLLAH-PAGERS/mopawkkwjpa/
26/10/2024 14:35:17

An invisible detonator and wafer-thin plastic explosives turned batteries into bombs

reuters EN 2024 invisible detonator Israel Hezbollah bomb pager
Akira ransomware continues to evolve https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/
26/10/2024 13:05:58

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

talosintelligence EN 2024 Akira analysis ransomware group TTPs
Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html?unlocked_article_code=1.U04.dkDJ.2aP0tmFEROpJ&smid=url-share
26/10/2024 12:59:39

The targeting of the Republican presidential ticket’s phones is part of what appears to be a wide-ranging effort to gather information about American leaders.

nytimes EN 2024 US presidential China Verizon intelligence-collection
Fake IT Workers: How HYPR Stopped a Fraudulent Hire https://blog.hypr.com/hypr-unmasks-fake-it-worker
25/10/2024 16:31:33

HYPR recently experienced a fake IT worker attempting to gain employment. We are sharing the details to bring awareness to how widespread the problem is.

hypr EN 2024 fake IT worker
Embargo ransomware: Rock’n’Rust https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/
25/10/2024 09:12:20

ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.

welivesecurity EN 2024 Embargo ransomware analysis
The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/
25/10/2024 09:11:35

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a…

krebsonsecurity EN 2024 Global Surveillance Free-for-All BabelStreet Venntel
Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites https://www.silentpush.com/blog/triad-nexus-funnull/
25/10/2024 08:59:33

Sections: Key findings; Executive summary; Background; FUNNULL and fake trading apps; FUNNULL’s CDN, rising up from corrupted soil; Additional hostname analysis; FUNNULL CNAME chains; An in-depth look at FUNNULL’s corporate brand; Suncity Group connections. Suncity Group-related infrastructure accounted for more than 6,500

silentpush EN 2024 FUNNULL CDN Polyfill.io Supply-chain-attack
Apple Shares Private Cloud Compute Virtual Research Environment, Provides Bounties for Vulnerabilities - MacRumors https://www.macrumors.com/2024/10/24/apple-private-cloud-compute-security-info/
25/10/2024 08:13:02

Private Cloud Compute is a cloud intelligence system that Apple designed for private artificial intelligence processing, and it's what Apple is...

macrumors EN 2024 Apple Cloud Compute private artificial intelligence Bounty processing
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police https://www.404media.co/email/348bad40-82a3-44df-9243-a47dfeafd19a/
24/10/2024 09:37:27

After federal police came to an employee’s house to ask questions, encrypted messaging company Session has decided to leave Australia and switch to a foundation model based in Switzerland.

404media EN 2024 Encrypted Chat App Session Switzerland
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/
23/10/2024 21:05:49

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

sentinelone EN 2024 macOS NotLockBit ransomware
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks https://www.rapid7.com/blog/post/2024/10/23/etr-fortinet-fortimanager-cve-2024-47575-exploited-in-zero-day-attacks/
23/10/2024 18:45:31

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.

rapid7 EN 2024 Fortinet FortiManager CVE-2024-47575 Zero-Day
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html
23/10/2024 11:56:42

Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.

thehackernews EN 2024 Ransomware Gangs LockBit disguise Golang
ShadyShader: Crashing Apple Devices with a Single Click https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
23/10/2024 11:41:59

ShadyShader: Crashing Apple M-Series Devices with a Single Click

imperva EN 2024 ShadyShader Apple M-Series Click crash
Rogue RDP – Revisiting Initial Access Methods https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
23/10/2024 11:37:28

The Hunt for Initial Access: With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

blackhillsinfosec EN 2022 Rogue RDP Initial-Access
Authenticated Remote Code Execution in multiple Xerox printers https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/
23/10/2024 11:33:04

Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the operating system.

sec-consult EN 2024 xerox printers RCE CVE-2024-6333
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023?hl=en
23/10/2024 11:01:54

Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild.

Mandiant EN 2024 Time-to-exploit trends
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773
23/10/2024 09:53:22

Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.

doublepulsar EN 2024 FortiJump FortiManager vulnerability 0-day medium
ESET themed wiper Targets Israel https://blu3eye.gitbook.io/malware-insight/eset-wiper
23/10/2024 08:50:31

It all started with an ESET statement on their official account on "X", wherein they mentioned that their partner company in Israel has gone under a targeted malicious email campaign that they managed to block within 10 minutes.

blu3eye EN 2024 Israel ESET wiper