News hacks

  • Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail
    by Pierluigi Paganini, 29 January 2023, 21:37

    An alleged member of the ShinyHunters cybercrime gang has been extradited from Morocco to the United States. Sebastien Raoult, a French national suspected of being a ShinyHunters member known as “Seyzo Kaizen,” was arrested at Rabat international airport in Morocco on May 31, 2022, while trying to board a flight to Brussels. Raoult and two co-conspirators are charged with hacking into protected computers of corporate entities and stealing proprietary information.

    “According to the indictment, Raoult was a participant in a hacking group that dubbed itself the “ShinyHunters.” The conspirators allegedly hacked into protected computers of corporate entities for the theft of proprietary and corporate information. The group advertised sensitive stolen data for sale and sometimes threatened to leak or sell stolen sensitive files if the victim did not pay a ransom.” reads the press release published by the DoJ. “Since early 2020, ShinyHunters Group has marketed and promoted data stolen from more than 60 companies in Washington State and elsewhere around the world.”

    The group offered the stolen data for sale and sometimes threatened to leak it if the victim did not pay a ransom. Since early 2020, the ShinyHunters group is estimated to have targeted more than 60 companies worldwide, including Tokopedia, Homechef, Chatbooks.com, Microsoft, AT&T, and Minted. The indictment also charges 23-year-old Gabriel Kimiaie-Asadi Bildstein, aka “Kuroi” and “Gnostic Players,” of Tarbes, France, and 22-year-old Abdel-Hakim El Ahmadi, aka “Zac” and “Jordan Keso,” of Lyon, France. If convicted, Raoult could face up to 116 years in prison.

    The defendant’s lawyer, Philip Ohayon, commented on the extradition to the US by saying that “France has abandoned him.”

    “The conspiracy to commit computer fraud and abuse charge is punishable by a maximum of ten years in prison. The conspiracy to commit wire fraud count is punishable by a maximum of 27 years in prison. Wire fraud is punishable by a maximum of 20 years in prison.” concludes the press release, adding that “Aggravated identity theft is punishable by a mandatory minimum two-year prison term to follow any other prison sentence imposed in the case.”

    The post Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail appeared first on Security Affairs.

  • Your free VoIP switchboard for SMEs & startups [TUTORIAL]
    by Korben, 29 January 2023, 20:47

    — Video tutorial produced in partnership with 3CX — A few weeks ago I tested 3CX’s free VoIP service for you, and the reception was excellent. You really loved it, and since the people at 3CX are cool, we decided to also make you a video tutorial to show you how simple it is to set up the free StartUP tier of their platform. The 3CX interface is clear, easy to pick up and ideal for communicating with your teams or your customers, through a live chat or WhatsApp / Messenger. Perfect for freelancers and small businesses, it gives you a real phone switchboard integrated with your CRM and your website, so you can make phone calls or hold good-quality video conferences without spending a cent. If you want to know more, I invite you to visit the 3CX site by clicking here and, of course, to watch my video. Discover 3CX’s free offer

  • Pro-Russia group Killnet targets Germany due to its support to Ukraine
    by Pierluigi Paganini, 29 January 2023, 20:41

    The pro-Russia group Killnet launched DDoS attacks last week against the websites of German airports, administration bodies, and banks. The attacks are the hacktivists’ response to the German government’s decision to send Leopard 2 tanks to Ukraine. Chancellor Olaf Scholz announced the decision to send 14 tanks, and to allow other countries to send theirs too (which had been restricted until now under export regulations), at a cabinet meeting on Wednesday.

    The Federal Cyber Security Authority (BSI) is investigating the attacks. The BSI had “knowledge of DDoS attacks against targets in Germany,” a spokesman told AFP; the attacks were aimed “in particular at the websites of airports,” as well as some “targets in the financial sector” and “the websites of federal and state administrations.” The Killnet group announced the attacks on its Telegram channel, as this pro-Russia group commonly does.

    A German government spokesperson explained that the decision to supply the tanks “follows our well-known line of supporting Ukraine to the best of our ability.” The BSI explained that it is not easy to attribute the attacks to a specific actor, because multiple hacktivists operate under the Killnet umbrella. “They call for action and then a lot of people take part,” the BSI spokesman said. The attacks made “some websites unavailable,” the BSI said, without there being “any indication of direct impacts on (the organisations’) services.”

    German intelligence has warned the government about cyberattacks that Russia-linked threat actors could launch against critical infrastructure in the country; the level of cyber attacks against the country is higher “than ever.”

    The post Pro-Russia group Killnet targets Germany due to its support to Ukraine appeared first on Security Affairs.

  • Hackers Using Microsoft OneNote Attachments To Spread Malware
    by /u/achilles4828, 29 January 2023, 18:24


  • How artificial intelligence is transforming the real-estate industry
    by FunInformatique, 29 January 2023, 17:36

    Imagine being able to find your ideal home in one click. That is what artificial intelligence (AI) makes possible in the real-estate industry. Real-estate companies and individuals can now draw on the advantages of AI to improve their products. Want to know how AI can boost your real-estate business or your home search?

  • How to fix the MEMORY_MANAGEMENT error on Windows 11
    by Dimitry, 29 January 2023, 16:37

    If you have made it this far, it is because you have a very specific problem: right now you are facing the MEMORY_MANAGEMENT error. In this article we help you get rid of it! Because yes, today computing is at the heart of our lives. It is a tool that we…

  • /r/netsec's Q1 2023 Information Security Hiring Thread
    by /u/ranok, 29 January 2023, 16:36

    Overview

    If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions.

    Rules & Guidelines

      - Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
      - Include the geographic location of the position along with the availability of relocation assistance or remote work.
      - If you are a third party recruiter, you must disclose this in your posting.
      - Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged.
      - While it's fine to link to the position on your company's website, provide the important details in the comment.
      - Mention if applicants should apply officially through HR, or directly through you.
      - Please clearly list citizenship, visa, and security clearance requirements.
      - You can see an example of acceptable posts by perusing past hiring threads.

    Feedback

    Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)

  • I am super bullish on security champions programs, but running it over a period of time is a challenge. This edition provides some ideas on how to avoid the trap
    by /u/jubbaonjeans, 29 January 2023, 16:36


  • Watch out! Experts plan to release VMware vRealize Log RCE exploit next week
    by Pierluigi Paganini, 29 January 2023, 15:47

    Horizon3’s Attack Team made the headlines again by announcing the release of PoC exploit code for remote code execution in VMware vRealize Log Insight. The team announced it on Twitter on January 26, 2023:

    “Exploitation of multiple vulnerabilities affecting #VMware vRealize Log Insight leads to unauth RCE. CVE-2022-31704, CVE-2022-31706, CVE-2022-31711. IOC Blog tomorrow. POC / Deep-Dive Blog next week. See VMware Security Advisory: https://t.co/tldhMQPoPK” (Horizon3 Attack Team, @Horizon3Attack)

    The PoC exploit chains a series of flaws in VMware vRealize Log Insight to achieve remote code execution on vulnerable installs. VMware Aria Operations for Logs (formerly vRealize Log Insight) is a log collection and analytics virtual appliance that enables administrators to collect, view, manage and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data.

    The availability of an exploit like the one announced by Horizon3’s Attack Team is bad news for organizations: a threat actor can develop its own version to gain initial access to targets’ networks and perform a broad range of malicious activities.

    “This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network.” reads a post published by Horizon3’s Attack Team. “This vulnerability allows for remote code execution as root, essentially giving an attacker complete control over the system.”

    This week VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. The most severe flaws impacting the product are a directory traversal vulnerability tracked as CVE-2022-31706 (CVSS score 9.8) and a broken access control vulnerability tracked as CVE-2022-31704 (CVSS score 9.8). An unauthenticated attacker can exploit either flaw to inject files into the operating system of an impacted appliance, which can result in remote code execution. “An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.” reads the advisory published by the virtualization giant.

    The other flaws fixed by VMware are:

      - CVE-2022-31710, a deserialization vulnerability (CVSS score 7.5) that a remote attacker can exploit to trigger the deserialization of untrusted data, which could result in a denial of service.
      - CVE-2022-31711, an information disclosure vulnerability (CVSS score 7.5) that a remote attacker can exploit to collect sensitive session and application information without authentication.

    The post published by Horizon3’s Attack Team also includes a list of indicators of compromise (IOCs) that can be used to detect exploitation attempts for the above issues. “Gaining access to the Log Insight host provides some interesting possibilities to an attacker depending on the type of applications that are integrated with it. Often logs ingested may contain sensitive data from other services and may allow an attacker to gather session tokens, API keys, and PII.” continues the post. “Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment.”

    The experts used the Shodan search engine and discovered only 45 VMware vRealize Log Insight appliances exposed online.

    The post Watch out! Experts plan to release VMware vRealize Log RCE exploit next week appeared first on Security Affairs.
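The advisory above describes the bug class (a directory traversal that lets an unauthenticated caller write a file wherever it likes on the appliance, which is then turned into code execution) without showing what such a defect looks like in code. The following is an added, generic illustration of that class and of the check that closes it; it is example code written for this page, not the appliance's code and not Horizon3's PoC. The function names, the upload directory and the cron-style payload name are assumptions made for the demo, and the example does not reproduce the specific vRealize Log Insight flaw.

```python
"""Directory traversal in a file-write path: vulnerable form beside the
hardened form. Added example, not code from the page or the product; the
function names, directories and payload names are assumptions."""
import os
import tempfile


def vulnerable_write(base_dir: str, client_name: str, data: bytes) -> str:
    """Trusts the client-supplied name verbatim. A name containing '..'
    segments walks out of base_dir, so the caller chooses the final path."""
    target = os.path.join(base_dir, client_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def safe_write(base_dir: str, client_name: str, data: bytes) -> str:
    """Resolves the final path (symlinks and '..' included) and refuses
    anything whose canonical location is not inside base_dir."""
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, client_name))
    # commonpath() is the containment test; a plain startswith() would also
    # accept a sibling directory such as '/opt/uploads-evil'.
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path traversal rejected: {client_name!r}")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Runs both writers against a constructed traversal payload inside a
    scratch tree and reports whether the file escaped the upload directory."""
    with tempfile.TemporaryDirectory() as scratch:
        uploads = os.path.join(scratch, "uploads")
        os.makedirs(uploads)
        root = os.path.realpath(uploads)

        # Constructed payload: hop out of the upload directory and drop a
        # file where an attacker would place a cron job or service hook.
        payload_name = os.path.join("..", "etc", "cron.d", "evil")
        payload = b"* * * * * root /bin/sh -c 'id > /tmp/pwned'\n"

        # Vulnerable writer: the file lands outside the upload directory.
        escaped = os.path.realpath(vulnerable_write(uploads, payload_name, payload))
        vulnerable_escaped = os.path.commonpath([root, escaped]) != root

        # Hardened writer: the same name is refused.
        try:
            safe_write(uploads, payload_name, payload)
            safe_blocked = False
        except ValueError:
            safe_blocked = True

        # A benign name with subdirectories still works in the hardened writer.
        ok_path = safe_write(uploads, "2023/01/29/agent.log", b"ok\n")
        safe_allows_benign = ok_path.startswith(root + os.sep)

    return {
        "vulnerable_escaped": vulnerable_escaped,
        "safe_blocked": safe_blocked,
        "safe_allows_benign": safe_allows_benign,
    }


if __name__ == "__main__":
    print(demo())
```

The demo writes only inside a temporary directory; the point is the containment check in safe_write, which must be applied to the canonical (realpath) form of the final path rather than to the raw client string, since encoded or symlinked variants of `..` defeat string-level filtering.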

  • Security Affairs newsletter Round 404 by Pierluigi Paganini
    by Pierluigi Paganini, 29 January 2023, 15:47

    A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

      - Copycat Criminals mimicking Lockbit gang in northern Europe
      - Sandworm APT targets Ukraine with new SwiftSlicer wiper
      - ISC fixed high-severity flaws in DNS software suite BIND
      - Patch management is crucial to protect Exchange servers, Microsoft warns
      - Hacker accused of having stolen personal data of all Austrians and more
      - CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack
      - BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer
      - UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups
      - An unfaithful employee leaked Yandex source code repositories
      - Hive Ransomware Tor leak site apparently seized by law enforcement
      - Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)
      - Zacks Investment Research data breach impacted hundreds of thousands of customers
      - Google Chrome 109 update addresses six security vulnerabilities
      - North Korea-linked TA444 group turns to credential harvesting activity
      - French rugby club Stade Français leaks source code
      - DragonSpark threat actor avoids detection using Golang source code Interpretation
      - VMware warns of critical code execution bugs in vRealize Log Insight
      - Pakistan hit by nationwide power outage, is it the result of a cyber attack?
      - GoTo revealed that threat actors stole customers’ backups and encryption key for some of them
      - FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist
      - Meta Platforms expands features for E2EE on Messenger App
      - CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog
      - Researcher found US ‘No Fly List’ on an unsecured server
      - Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads
      - Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code
      - Companies impacted by Mailchimp data breach warn their customers
      - Massive Ad fraud scheme VASTFLUX targeted over 11 million devices
      - Video game firm Riot Games hacked, now it faces problems to release content
      - Expert found critical flaws in OpenText Enterprise Content Management System
      - Roaming Mantis uses new DNS changer in its Wroba mobile malware

    The post Security Affairs newsletter Round 404 by Pierluigi Paganini appeared first on Security Affairs.