• romain
• 23 juillet 2023
• • Matinale cyber

Sources pour la matinale cyber du 23 juillet 2023

Annonces

Annonces

Arrestations

Annonces

Industrie

Attaques et Piratages

Data Leaks

Threat Intel

Threat Intel

Menaces

Threat Intel

Malware

Threat Intel

APTs

Campagne et Exploitations

Vulnérabilités

Articles

Géopolitique

Data Sécu

Outils

Des échanges de cryptoactifs piratés ?

OSEF (USA)

A TRIER

• 700k TikTok accounts hacked in Turkey: An unidentified thre
• Est ee Lauder incident: Cosmetics giant Estee Lauder has dis
• MOVEit hacks: The total number of victims has now surpassed
• VT customer leak: A file containing a list of more than 5,6
• Dating apps leak: Security researcher Jeremiah Fowler has d
• Amazon in-van footage leak: Surveillance footage from Amazo

A TRIER- 2

• Kronos ransomware lawsuit: UKG, the company behind the Kron
• TOMRA cyberattack: TOMRA, one of the world's largest recycl
• Odessa breach (maybe): US authorities are investigating a s
• MOVEit hacks: Stock photography portal Shutterfly and the D
• Russian TV stations hacked (again): Ukrainian hackers breac
• Google throws support for MLS protocol: The Internet Engine
• Apple threatens UK exit: Apple says it will pull FaceTime a

A TRIER- 3

• Ban on private NL domains: Dutch national domain registrar
• Passkeys come to TikTok: TikTok is gradually rolling out su
• Meta fined in Norway: Norway's privacy watchdog Datatilsyne
• Wikipedia joins Mastodon: The Wikimedia Foundation has join
• Chrome 115: Google Chrome v115 has started rolling out to u
• New DUNS policy on the Play Store: All organizations that w
• OpenBSD new security feature: The OpenBSD team has enabled

A TRIER- 4

• Descent into the far-right: Twitter continues its descent in
• Twitter changes everyone's DM settings: Twitter has forcibl
• Spotify makes private playlists private: Music streaming se
• Reddit removes years of DMs: And keeping with companies tha
• Meta blocks EU users on Threads: Meta has blocked EU users
• Fourth Amendment Is Not For Sale Act: The House Judiciary C
• CANSEE Act: Also in US legislative news, a bipartisan group

A TRIER- 5

• Amazon agrees to FTC &DOJ fine: Amazon has agreed to pay a $
• US sanctions Cytrox and Intellexa: The US government has sa
• Top US cyber official denied post: The White House does not
• Typo sends military emails to Mali domains: A Dutch interne
• Cyber Flag 2023: The Cyber Flag yearly virtual exercise wil
• 5G network slicing guidance: CISA and the NSA have released
• CISA cloud security tools: Over the past few months, CISA h

A TRIER- 6

• Dutch government bans ten mobile apps: The Dutch government
• DDoS trends Q2 2023: In its second quarter threat report, C
• Malvertising campaigns overview: Sophos has a review of the
• WhatsApp account deactivation: You can deactivate anyone's
• TheTruthSpy profile: TechCrunch's Zack Whittaker has a prof
• KillNet: Google's Mandiant division has published a profile
• Mallox ransomware activity: Palo Alto Networks has highligh

A TRIER- 7

• DEV-0970/Storm-0970: CyFirma takes a look at DEV-0970/Storm
• Cactus victims: The Cactus ransomware group has listed 18 v
• BEC scammer sentenced: A Nigerian man named Olalekan Jacob
• Hackers arrested in Azerbaijan: Azerbaijan officials have d
• Russian bot form dismantled: Ukraine's Cyber Police has dis
• RedCurl attack: The RedCurl cybercrime group [1, 2] has all
• Malicious PyPI package: Sonatype researchers have discovere

A TRIER- 8

• La_Citrix self-dox: An initial-access broker named La_Citri
• Soup crypto-scammer: Blockchain investigator ZachXBT claims
• WebAPK phishing: Google's WebAPK technology can be used for
• FBI tech support scam warning: The FBI warns about the rise
• Email extortions: A Barracuda investigation found that roug
• Rogue IT worker sentenced: A British man has been sentenced
• Scareware developer arrested after 10 years: The Spanish Na

A TRIER- 9

• Pompompurin pleads guilty: BreachForums administrator Conor
• New npm malware: Sixty-four malicious npm packages were dis
• Malicious GitHub repos dropping malware: A security researc
• Genesis Market sold to new owner: The administrator of the
• SophosEncrypt RaaS: Sophos says that a newly-launched ranso
• Blacksuit ransomware: ShadowStackRE has published an analys
• Ursnif: Kostas takes a look at the post-exploitation action

A TRIER- 10

• FakeUpdates campaign: Malwarebytes has details on a FakeUpd
• LaplasClipper: ANY.RUN has published a technical analysis o
• Pamspy: AquaSec has a report on how to detect the new Pamsp
• P2PInfect: Palo Alto Networks has discovered a new peer-to-
• BundleBot: Check Point has a pretty thorough breakdown of B
• HotRat: Avast researchers have reverse-engineered HotRat, a
• Sardonic backdoor: Broadcom's Symantec has a report out on

A TRIER- 11

• VoidRAT: SecurityScorecard's Vlad Pasca has a breakdown of V
• Danabot: Version 3 of the Danabot malware has been spotted
• LOBSHOT: OALABS has published IOCs on LOBSHOT, a new malwar
• NoEscape ransomware: A new ransomware operation named NoEsc
• Website redirection malware: Sucuri has the details on a pi
• BlotchyQuasar: IBM X-Force has published a technical analys
• Blackmoon: The operators of the Blackmoon (KRBanker) bankin

A TRIER- 12

• Chinese APT stealth tactics: Mandiant has published a repor
• Space Pirates: Russian security firm Positive Technologies
• APT41's Android malware: Lookout has formally linked two pi
• SideCopy APT: ThreatMon takes a look at the SideCopy APT an
• DPRK campaign on GitHub: A North Korean APT group named Tra
• JumpCloud incident: SentinelOne has formally confirmed our
• Turla targets Signal chats: Microsoft and Ukraine's CERT te

A TRIER- 13

• APT28: EclecticIQ researchers have published a report linki
• Pakistani government supply chain attack: Security firm Tre
• XDSpy: Russian security firm FACCT has published details ab
• Armageddon APT: Ukraine's CERT team has published an analys
• Storm-0558: Microsoft has published more technical details
• Google sets up AI Red Team: Google has established a dedica
• Adobe ColdFusion zero-day: Adobe has released an emergency

A TRIER- 14

• MegaRAC vulnerabilities: Eclypsium has disclosed details on
• MOVEit RCE: ZDI has published a detailed analysis of CVE-20
• OpenSSH RCE: Qualys researchers have discovered an RCE (CVE
• Outlook March zero-day: Kaspersky has a write-up on CVE-2023
• PaperCut exploitation: Juniper has released a write-up on C
• Oracle CPU: The quarterly Oracle security updates are out,
• SSVC decision tree: Nucleus Security's Patrick Garrity has

A TRIER- 15

• Pwn2Own Toronto 2023: Rules for the Pwn2Own Toronto 2023 ha
• WooCommerce Payments exploitation: Threat actors are exploi
• Adobe ColdFusion exploitation: Threat actors are exploiting
• Citrix exploitation: Networking equipment vendor Citrix has
• Jira exploitation: Also in exploitation news, a threat acto
• Bad.Build vulnerability: Orca Security has discovered a des
• Microsoft bug reporting: Microsoft's Security Response Cent

A TRIER- 16

• Ghostscript RCE PoC: Kroll has released details and a PoC f
• WP plugin logs passwords in plaintext: The developers of th
• Crit.IX vulnerabilities: Armis researchers have discovered
• EchOh-No vulnerability: A team of security researchers has
• Satellite security decades behind: A team of academics from
• ICS security paper: ICS security engineer Marina Krotofil h
• Kevin Mitnick: The cybersecurity industry mourns the passing

A TRIER- 17

• Infosec Twitter research: The Cyentia research institute ha
• Industrial protocols: Orange's cybersecurity team has put t
• Hardwear.io USA videos: Talks from the Hardwear.io USA 2023
• fwd:cloudsec videos: Talks from the fwd:cloudsec 2023 secur
• Summercon videos: Talks from the Summercon 2023 security co
• Pass the SALT videos: Talks from the Pass the SALT 2023 sec
• New tool --BINSEC: A group of security researchers has open-

A TRIER- 18

• New tools --AI VPN and Slips: Stratosphere IPS, a Cybersecur
• New tool --ShellSweep: Splunk's Michael Haag has released a
• New tool --LolDriverScan: Security firm FourCore has open-so
• New tool --IAMActionHunter: Rhino Security has open-sourced
• IDA Rust support: Hex-Rays has promised to improve IDA's su
• Infosec investments in Q2 2023: The Pinpoint Search Group s
• Security for the board: Google Cloud has published the seco

A TRIER- 19

• CISO survey: Executive search company Heidrick & Struggles