(CVE-2021-34473) Finding exposed OWA servers vulnerable to proxyshell - A new set of critical vulnerabilities popped up at this year's BlackHat edition regarding #Microsoft Exchange exploitable via Outlook Web Access. This set of vulnerabilities has been dubbed proxyshell #vuln
https://www.onyphe.io/blog/finding-exposed-owa-servers-vulnerable-to-proxyshell/
#China's Huawei Technologies Co (huawei.com) stole trade secrets & spied on #Pakistan. #Huawei's alleged #backdoor was located in a database that consolidated sensitive information, including national ID card records, foreigner registrations, tax records and criminal records, for law enforcement, a #US company (businessefficiencysolutions.com) has said #cyber #threats
100 million T-Mobile customer records purportedly up for sale. Seller claims to have sucker-punched #US infrastructure out of #retaliation. T-Mobile, the mobile communication brand of the German telecommunications company Deutsche Telekom AG, is reportedly investigating. #germany #cyber #threats
https://threatpost.com/t-mobile-investigates-100m-records/168689/
Part of the #IT systems of the Pallas Kliniken AG group (pallas-kliniken.ch) has been hit by a #ransomware attack. Specialising in eye and cosmetic surgery, these private clinics have around twenty locations in #Switzerland and perform more than 120,000 procedures each year #health #medical #santé
https://www.swissinfo.ch/fre/les-cliniques-pallas-victimes-d-une-cyberattaque/46871336
PetitPotam code has been updated to use one unpatched #Microsoft Encrypting File System Remote (EFSRPC) functions if needed + added the structs and nearly all RPC calls that can be used to elicit authentication or do other interesting things #windows #vuln #informatique
Statement from the Ministry of Economy (Brazil) - A #ransomware attack on the internal network of the National Treasury Secretariat was identified on Friday night (13/8). Containment measures were applied immediately and the Federal Police were called in #brazil
Abusing legitimate challenge & response services (such as #Google's reCAPTCHA) or deploying customized fake CAPTCHA-like validation. Mass phishing and grayware campaigns have become more sophisticated, using evasion techniques to escape detection by automated security crawlers. Fortunately, when malicious actors use infrastructure, services or tools across their ecosystem of malicious websites, we have a chance to leverage these indicators against them. #cyber #phishing #threats
https://unit42.paloaltonetworks.com/captcha-protected-phishing/
hAFL2 : the first #opensource hypervisor fuzzer #tools #informatique
hAFL1 is able to fuzz Hyper-V's drivers. This tutorial will focus on fuzzing the #Microsoft Hyper-V virtual switch (vmswitch.sys) #tools #informatique
LiveCloudKd v2.0.0.20210814 - Added reading, writing memory options for #Microsoft Hyper-V VMs with running nested guest OS #tools #informatique
#islamabad - A cyber attack has affected #Pakistan's largest #datacenter run by the Federal Board of Revenue (FBR) and managed to break the virtual environment Hyper-V #software by #Microsoft, bringing down all the official websites operated by the tax machinery. « It is cyber #terrorism on our Independence Day ! » #cyber #threats #informatique
https://tribune.com.pk/story/2315712/fbr-reels-under-a-major-cyberattack
#Mastodon is now a Non-Profit Organisation
https://blog.joinmastodon.org/2021/08/mastodon-now-a-non-profit-organisation/
A security researcher has figured out a way to dump a user's unencrypted plaintext #Microsoft #Azure credentials from Microsoft's new #Windows 365 Cloud PC service using Mimikatz #informatique
The new #outage of the SI-DEP platform also affects the vaccination centres and testing centres in #Caen (Calvados, #France). « We issue an unofficial document to vaccinated people, certifying that they have taken the test. After that, it is at the discretion of the professionals who check the pass… » #informatique
#Zoom agrees to pay $85,000,000 $USD for lying about its « end-to-end encryption » and the transfer of data to #Facebook and #Google « That's shocking. There is nothing in the privacy policy that addresses that » #informatique
SI-DEP, regularly criticised by #health professionals for its recurring bugs, is still #down: a situation unprecedented in its duration. The affected pharmacists - 90% of the profession, according to the unions - are, for now, making do and producing unsecured paper certificates. The (visible) effect of this new #IT « bug » is that official certificates attesting to the negative or positive result of people who came to be tested cannot be generated #france
EQU8 - Kernel Component Analysis
Ficker Infostealer Malware
https://blogs.blackberry.com/en/2021/08/threat-thursday-ficker-infostealer-malware
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile