
The Cl0p ransomware operators claim an attack against:

  • 🇨🇦 Groupe Boutin (boutinexpress.com)

Boutin, a people-friendly company with expertise in transportation and warehousing. We began operating in the road transport industry in 1945, in Plessisville. Since then, our daily work has been to travel the roads and highways of North America with your goods on board and deliver them safely to their destination. Our Useful Features & Services: Consolidation, distribution and transshipment. Hydraulic liftgates. Container transport. Iron and steel transport with specialized heavy equipment. Food product transport. Refrigerated transport. Construction material transport. Hazardous materials transport. Boutin, a people-friendly company specialized in transportation and warehousing.

The Babuk ransomware operators claim attacks against:

  • 🇺🇸 DT Engineering (dtengineering.com)

We exist to become the preeminent, top-tier automation and tooling company, within our markets of choice. Our key markets include White Goods, Clean Industrial, Consumer Products, Transportation, and Pharmaceutical.

  • 🇨🇦 Cosmetica Laboratories Inc (cosmeticalabs.com)

Maintaining a fine balance between art and technology, we inspire and create product for globally renowned beauty brands that are looking for the ideal partner in the creation and execution of innovative, high quality product.

The Everest ransomware operators claim attacks against:

  • 🇵🇹 Centro Hospitalar de Setúbal (chs.min-saude.pt)

The Centro Hospitalar de Setúbal (CHS) began its Covid-19 vaccination plan today at 09:00.

  • 🇺🇸 Campbell Sales and Service, Inc (campbellsalesandservice.com)

Campbell Sales and Service, Inc. specializes in the sale of industrial bearing and power transmission products.

  • 🇵🇭 Federal land inc. (federalland.ph)

Member of GT Capital Holdings and a proud partner of the Metrobank Group. It began in Manila as Federal Homes, Inc. in 1972 but has since grown into Federal Land, Inc.

  • 🇵🇭 Department of Agriculture (da.gov.ph)

The Department of Agriculture is the Philippine government's frontline agency on food, agriculture and sustainable rural development.


The DarkSide ransomware operators claim an attack against:

Supabets is a bookmaker from South Africa with a head main office located in Johannesburg and with specially tailored website versions for a couple of other big countries in Africa, such as Nigeria, Kenya, Ghana and etc. Founded in 2014 with the aim of complementing the retail business, and finding new online customers. SupaBets sits alongside Hollywood Bets and SportingBet as a top ZA betting site. Supabets has a strong reputation with punters on the internet, with most queries about payments being resolved.

@gicat

And perhaps even more perniciously, we've seen ransomware become a serious threat, both in terms of scale and severity. Increasingly, it targets crucial providers of public services, as well as businesses, as criminals play on our dependence on tech. It has resulted in serious disruptions to education, health and local authorities. It's caused huge losses for unprepared businesses. And has rapidly become a significant threat to our supply chains.

On March 9, 2021, a ransomware infection spread across the information system of the SDIS de Lot-et-Garonne.

"After this cyberattack, our IT department tested our 240 computers across the département. About half, 119, were infected. Since then, nearly 70 have gradually been put back into service. But around fifty are still out of service" (Jean-Luc Queyla, director of the SDIS de Lot-et-Garonne)

This incident leaves a bitter taste.

"We are waiting for the final estimate, but I would say this cyberattack will have cost us €100,000 to €150,000, not counting the time spent by the six staff members of our IT department"

actu.fr/faits-divers/les-sapeu


@42l @bortzmeyer

We have lost count of the petabytes per day of "insufficiently protected backups" of websites, intranets, extranets, mailboxes, data, etc. that lie around on the WWW because they are insufficiently protected. These "leaks" contribute more than ever to future intrusions, compromises, infections, etc. Without control, the remedy will become a poison.

Prometei administrators have some of the technical groundwork in place should they want to embrace more « destructive payloads »

cybereason.com/blog/prometei-b

A threat actor connected to the entity's network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.

SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.

us-cert.cisa.gov/ncas/analysis

The Astro Team ransomware operators claim an attack against:

  • 🇺🇸 CREST Hotel & Suites

Located in South Beach, Crest Hotel Suites is within a 5-minute walk of popular attractions such as Fillmore Miami Beach and New World Center. This 65-room, 3.5-star hotel has a restaurant along with conveniences like an outdoor pool and free in-room WiFi.

The Astro Team ransomware operators claim attacks against:

We provide support services to senior living and care properties that offer skilled health care, assisted living, memory support and independent living at locations in Texas, Oklahoma, and Colorado. Founded and led by a team of senior living industry veterans, StoneGate understands that careful attention to customer expectations is vital to the success of a senior living and care community.

  • 🇮🇹 Pezzuto Group Srl (pezzutogroup.it)

From November 2012 to today, Pezzuto Group has become a point of reference for Audi and Volkswagen in the area. In 2015 alone, Pezzuto Group climbed into the Top 30 of Italian Volkswagen dealers, managing to hit 100% of the set company targets every month and averaging about 1000 new customers every year.

👁 socat shared

impacket - GPP Passwords

Added Get-GPPPassword in examples. It's a python script for extracting and decrypting Group Policy Preferences passwords using streams for treating files instead of mounting shares, allowing for running this script inside regular docker containers. This also allows for pass-the-hash, pass-the-ticket, pass-the-key, overpass-the-hash, features that the Metasploit Framework doesn't offer.

🛠 github.com/SecureAuthCorp/impa

Sebastien Larinier has just released Pyeti-python.

Pyeti-python allows you to extract data from YETI such as specific observables (malware, IP, domains...). It can be used to plug in your own tool and enrich your Threat Intelligence feed with YETI « Your Everyday Threat Intelligence » is a platform meant to organize observables, IoC, TTPs, and knowledge on threats in a single, unified repository.

🛠 github.com/yeti-platform/pyeti

SBU cyber specialists, together with US law enforcement, exposed a hacker in the Kherson region

A Ukrainian was arrested by the SBU (СБ України) as part of an investigation into thefts of several tens of millions of dollars belonging to Canadian and US banks.

Ukraine's SBU State Security Service has detained a Ukrainian hacker who stole tens of millions of U.S. dollars from U.S. and Canadian banks

ssu.gov.ua/novyny/sbu-zatrymal

👁 socat shared

Three zero-days in SonicWall products reported by Mandiant's Josh Fleischer and Chris DiGiamo (CVE-2021-20021) (CVE-2021-20022) (CVE-2021-20023)

sonicwall.com/support/product-

The operators behind the Darkside ransomware claim an attack against:

  • 🇺🇸 BTU International, Inc. (btu.com)

Founded in 1950, the company focuses on thermal processing equipment for alternative energy and electronics, such as semiconductor packaging, solar cell manufacturing, printed circuit board assembly, and nuclear fuel processing.
