Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory #tools #informatique
How to bypass EDR with Microsoft Teams?
Copy payload into: %userprofile%\AppData\Local\Microsoft\Teams\current\
Then: %userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "args"
MirrorDump - Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory. #windows #tools #informatique
[PDF] A comprehensive set of reverse engineering tutorials covers x86, x64 as well as 32-bit ARM and 64-bit architectures. #informatique
https://0xinfection.github.io/reversing/reversing-for-everyone.pdf
🇺🇸 The health information management services provider CIOX Health (cioxhealth.com) has suffered a data breach that has affected at least 32 healthcare providers. CIOX Health started notifying affected healthcare provider clients about the breach on December 30, 2021. The security breach has been reported to the HHS' Office for Civil Rights by CIOX Health as affecting 12,493 individuals. #usa #healthcare #medical #services #cyber #threats #databreach #santé #informatique
https://www.hipaajournal.com/over-30-healthcare-providers-affected-by-ciox-health-data-breach/
🇦🇷 Cyber attack against some servers of the Judiciary of Chaco (justiciachaco.gov.ar) #argentina #ransomware #city #distruptive #cyber #threats #outage #databreach #argentine #informatique
http://e-procesal.com/wp-content/uploads/2022/01/Comunicado-Urgente.pdf
New Windows Server updates cause DC boot loops, break Hyper-V. The most serious issue introduced by these #updates is that Windows Domain Controllers enter a boot loop, with servers getting into an endless cycle of #Windows starting and then rebooting after a few minutes. After installing the updates, #Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted). In addition to the boot loops, Hyper-V no longer starts on the server. Microsoft released security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are likely causing this issue. #vuln #microsoft #windows #bugs #informatique
🇬🇧 More than 50,000 letters sent by banks and local authorities were indexed by Google following an error by the subcontractor Virtual Mail Room (vmailroom.co.uk) #uk #databreach #informatique
https://www.wired.co.uk/article/virtual-mail-room-data-breach
The French start-up 🇫🇷 Pasqal (pasqal.io), which is working to build a 1,000-qubit quantum computer, is merging with the Dutch company 🇳🇱 Qu&Co (quandco.com) to create a European leader. #france #nederlands #quantum #cyber #business #quantique #informatique
🇨🇭 "We need to talk about the new IT danger" (Denise Gemesio, computer engineer, PLR municipal councillor) #swiss #political #numérique #digital #suisse #cloud #cyber #politics #informatique
https://www.24heures.ch/il-faut-parler-du-nouveau-danger-informatique-816295074323
🇫🇷 One in four French employees under 45 is ready to resign because of negative experiences with IT tools. Fed up. Enough is enough. #france #numérique #digital #report #cloud #cyber #business #informatique
https://www.solutions-numeriques.com/un-employe-de-45-ans-sur-4-pret-a-demissionner-a-cause-de-linformatique/
A code similarity of 85% between the #Linux and #Windows samples of TellYouThePass shows how few adjustments are needed to make the #ransomware run on different operating systems. #Google #Golang's popularity among #malware developers has steadily increased over the past years. #cyber #threats #informatique
https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/
🇨🇭 Wealth management: was the Aquila platform (aquila.ch) hacked? Attackers claim to have stolen data from the Zurich-based company, a major player in finance that provides services to independent wealth managers, notably in Geneva. #swiss #cyber #financial #threats #money #databreach #suisse #informatique
https://www.letemps.ch/economie/gestion-fortune-plateforme-aquila-victime-dune-cyberattaque
🇺🇸 A prison in New Mexico, United States, has been paralyzed by a #ransomware-type cyber attack. With cameras and automatic doors out of service, the detention center is operating in degraded mode and the inmates have been confined. #usa #cyber #digital #threats #informatique
🇺🇸 A #ransomware attack took a New Mexico jail offline, leaving inmates in #lockdown - The attack knocked out #security cameras and automatic #doors in the #detention center in Bernalillo County, triggering a crisis response #usa #ransomware #city #cyber #networks #devices #threats #informatique
In December 2022, LibreOffice's QA community worked on hundreds of bug reports, and resolved 489 of them. #libreoffice #informatique
https://qa.blog.documentfoundation.org/2022/01/12/qa-dev-report-december-2021/
Microsoft Security Update Guide (SUG) - Customers can sign up with any email address (no longer a requirement that the email be a Microsoft Live ID) and receive notifications at that #email address. The new system will be launched in 3 phases:
When we reach a critical mass of people receiving the new notifications, we will discontinue sending from the old system. #windows #updates #notifications #informatique
https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/
🌟 A great article! ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation. Vulnerable drivers have been a known problem for a long time and have been abused, and while some effort has been made to mitigate the effects, it is still an ongoing battle. #microsoft #windows #software #kernel #driver #device #threats #informatique
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/
Analyzing malicious Office files - Microsoft #Office files are used by attackers to deliver #malware to endpoints. Attackers are leveraging both the different file formats and vulnerabilities in Microsoft Office products to launch malicious commands that will eventually lead to malware. #windows #cyber #threats #informatique
https://www.intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/
sc(r)apy | full metal packets