A ransomware attack disrupts the Saint-Gaudens hospital
Iranian threat group APT34 (aka OilRig) returns with an Updated Arsenal
https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
(Are you) afreight of the dark? Watch out for Vyveva Lazarus Backdoor
Wireshark tutorial Hancitor followup malware
https://unit42.paloaltonetworks.com/wireshark-tutorial-hancitor-followup-malware/
Ransom Mafia Analysis Of The World's First Ransomware Cartel
Complaint filed against Google: it systematically and illegally generates a tracking identifier on Android phones.
We no longer believe the "git.php.net" server has been compromised. However, it is possible that the master.php.net user database leaked
On March 28, unidentified actors used the names of Rasmus Lerdorf and Popov to push malicious commits to the "php-src" repository hosted on the git.php.net server that involved adding a backdoor to the PHP source code in an instance of a software supply chain attack.
Sowing Discord: Reaping the benefits of collaboration app abuse to spread malware
https://blog.talosintelligence.com/2021/04/collab-app-abuse.html
11 million records of French users stolen from marketing platform and put for sale online: A user on a popular hacking forum is selling a database that purportedly contains close to 11 million user records stolen from Apollo, a US-based sales engagement and digital marketing company.
The files contained in the leaked archive include a wide variety of information about the 10,930,000 France-based users whose data has been purportedly stolen, including their full names, phone numbers, location coordinates, workplace information, social media profiles, and more.
When it comes to protecting against credential theft on Windows, enabling LSA Protection (a.k.a. RunAsPPL) on LSASS may be considered the very first recommendation to implement. But do you really know what a PPL is?
NOTICE OF DATA BREACH - Personal Touch Holding Corp (753,107 individuals)
https://apps.web.maine.gov/online/aeviewer/ME/40/79e73e85-40e7-4c4f-aa0d-206e0d0cc530.shtml
NOTICE OF DATA BREACH - Mendelson Kornblum Orthopedic and Spine Specialists
A standalone SIGMA-based detection tool for EVTX.
Zircolite is a standalone tool written in Python 3 that lets you run SIGMA rules against Microsoft Windows EVTX logs. The code is light (less than 500 lines) and simple. For now, evtx_dump is 64-bit only, so if you use zircolite.py with EVTX files as input you can only run it on a 64-bit OS.
A recent change to the REvil #ransomware allows the threat actors to automate file encryption via Safe Mode (-smode) after changing Windows passwords.
REvil also recently warned that they would perform DDoS attacks on victims and email victims' business partners.
An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring #ransomware exploit a vulnerability in Fortigate VPN servers.
To enumerate all Microsoft 365 Groups in a tenant with their info, including the private ones.
💾 https://github.com/cnotin/m365_groups_enum
Explanation by Clément Notin: https://clement.notin.org/blog/2021/03/01/risks-of-microsoft-teams-and-microsoft-365-groups/
#Ransomware: Did you know that such malicious programs have been around for more than 30 years, and that researchers predicted many features of modern-day attacks back in the mid-1990s?
China Creates Its Own Digital Currency, a First for Major Economy
A cyber yuan stands to give Beijing power to track spending in real time, plus money unlinked to the global financial system dominated by the dollar. It also could soften the bite of U.S. sanctions.
🇨🇭 The federal Cyber Command project now has a chief - On 1 May 2021, Major General (Divisionnaire) Alain Vuitel will take the helm of the Swiss Army's #Cyber Command
Insurer CNA Canada disconnected systems from its network to contain the ransomware attack. Ironically, to absorb the potential financial consequences, the insurer is relying on cyber insurance coverage.
https://portail-assurance.ca/article/victime-dune-cyberattaque-cna-devoile-des-details/
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile