Tag: CERT-W

Zimbra Mailbox Compromise: From Analysis to Remediation (Part 2)

2 weeks ago
Read Time: 14 minutes
by Evenson Jeunesse and Clément Gonnaud
Leave a comment

It's time to begin the second part of our Zimbra investigation. If you haven't read the first part yet, we strongly recommend starting HERE before continuing.In this second part, we'll assume that an attacker has managed to compromise a Zimbra…

1 month ago
Read Time: 16 minutes
by Evenson Jeunesse and Clément Gonnaud
Leave a comment

Zimbra Mailbox Compromise: From Analysis to Remediation (Part 1)

The simplest attacks are often the most effective. In most companies, webmail access portals are exposed on the internet and do not always benefit from sufficient access-control mechanisms. In addition, some messaging services offer extended features that go beyond simple…

3 years ago
Read Time: 8 minutes
by CERT-W
Leave a comment

An overview of the different cybercriminal uses case of ChatGPT The one year report about the cyber operations between Ukraine and Russia, by the CERT-EU CHATGPT What opportunities for the underground world of cybercrime ? Need a refresh about…

4 years ago
Read Time: 3 minutes
by Gérôme Billois and Nicolas Gauchard
Leave a comment

Cyberattacks in 2021: ransomwares, still threat n°1

On the launch of the European Cybersecurity Month and for the Assises de la Sécurité (from 13 to 16 October 2021), Wavestone unveils the new edition of its benchmark of cybersecurity incidents. To this end, we reviewed the interventions of the CERT-Wavestone crisis…

5 years ago
Read Time: 5 minutes
by CERT-W

DECRYPTION CYBER CRIMINAL NETWORK DISMANTELING The last 6 months, large-scale coordinated international actions have dismantled several of the biggest cybercriminal networks such as Emotet, Netwalker, Egregor or even Cl0p. Let’s have a closer look at some of them. What is Emotet?…

5 years ago
Read Time: 3 minutes
by CERT-W

Monthly indicators TOP ATTACK Two French hospital under ransomware attacks Ransomware attacks struck two French hospital groups in less than a week, prompting the transfer of some patients to other facilities but not affecting care for Covid-19 patients or virus…

5 years ago
Read Time: 4 minutes
by CERT-W

Monthly indicators TOP ATTACK SolarWinds aftermaths On the 11th of January, a website presumably owned by the actors behind the SolarWinds breach has surfaced, claiming to be selling data obtained using the SolarWinds backdoor. The site, using the domain solarleaks.net,…

5 years ago
Read Time: 3 minutes
by CERT-W

Monthly indicators TOP ATTACK The massive SolarWind hack Russian SVR Hackers have been romping through some 18,000 of SolarsWinds' Origin customer servers using the SUNBURST malware installed via a backdoored update server. FireEye, Microsoft and GoDaddy believe the avsvmcloud domain…

5 years ago
Read Time: 3 minutes
by CERT-W

Monthly indicators TOP ATTACK Brazilian government recovers from "worst-ever" cyberattack After suffering the most severe cyberattack ever orchestrated against a Brazilian public sector institution on the 3rd , the Superior Electoral Court (STJ, in the Portuguese acronym) has managed to…

5 years ago
Read Time: 2 minutes
by CERT-W

Monthly indicators TOP ATTACK SOPRA STERIA HIT BY NEW VERSION OF RYUK RANSOMWARE French IT giant Sopra Steria was hit with a cyber-attack that disrupted the business of the firm. The virus has been identified: it is a new version…