yaracroft @venom@nanao.cybtex.fr
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
Baby Clothes Giant Carter's (carters.com) Leaks 410,000 Customer Records
https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/
El Ministerio de Trabajo y Economía Social ha sufrido un ataque de #ransomware Ryuk
Impossible de prendre rendez-vous pour une première injection dans cinq centres du Grand Nancy. Les centres de vaccination gérés par la communauté professionnelle territoriale de santé (CPTS), seraient victimes d'un « bug » sur Doctolib.
Data Leak Market on Thursday claimed that a database carrying the details of COVID-19 vaccinated people in India was on sale for $800. The data that was allegedly leaked included the name, Aadhaar number, location and phone number of people who have registered for the vaccine. The website claimed that it is not the original leaker of data, it is a reseller.
Une enseignante du collège Félix-Gaillard, à Cognac, mutée par erreur à plus de 200 km. L'administration plaide le « bug » informatique, les syndicats plaident la maltraitance.
Slilpp Marketplace Disrupted in International Cyber Operation
https://www.justice.gov/opa/pr/slilpp-marketplace-disrupted-international-cyber-operation
Fin des perturbations téléphoniques et des indiponibilités sur les messageries électroniques de la mairie de Saint-Malo. Abîmée lors de travaux, la fibre optique est désormais réparée.
Big Brother Awards 2021 in 2021 in the category #Health goes to Doctolib GmbH, Berlin. - As a service acting for a doctor and as its data processor, Doctolib is obligated to separate its clients. That means Doctolib is not permitted to merge patient data from different doctors. But that is exactly what the company appears to do. At the Chaos Computer Congress 2020 (events.ccc.de) it was reported that a Doctolib database was leaked to the CCC. It was possible via the reported gap to access over 150 million scheduled appointments. The allegedly awarded seals of quality do not relate to the GDPR, contrary to the company's claims. What was given a seal here and why remains largely Doctolib's secret. What is known is that Doctolib uses an Amazon cloud service certified in #France - with European computers
Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on #nuclear weapons with the National Nuclear Security Administration (NNSA), last month was hit by a cyberattack that experts say came from the relentless #REvil ransomware-as-a-service (RaaS) gang.
Most of these organized groups are financially motivated but if these types of attackers are pushed to shift their motivation from monetary to malicious, we should expect severe real-world outcomes. We've only seen the tip of the iceberg in terms of the real-world effects. ( David Bishop, Trustwave )
https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/
Volkswagen discloses data breach impacting 3.3 million Audi drivers
https://therecord.media/volkswagen-discloses-data-breach-impacting-3-3-million-audi-drivers/
A representative for the hackers explainedhow the group stole a wealth of data from EA, the game publishing giant.
https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
#Avaddon #ransomware shuts down & releases decryption keys
ssh-probe helps monitor & protect SSH sessions
Edward Don & Company: Chicago Foodservice Supplier's Ransomware Attack Results In IT Systems And Operational Disruption. As Edward Don is one of the leading distributors of #food service supplies, this attack will cause a significant disruption in the #supply #chain for hospitals, restaurants, hotels, and bars.
The #Avaddon #ransomware group, one of the most active in the field at the moment, has recently added a high-profile victim onto its extortion portal, which is the Valley National Bank.
https://www.technadu.com/avaddon-ransomware-adds-valley-national-bank-victims-list/282725/
Over $150,000 was awarded to eligible civilian hackers in bounties during Hack the U.S Army 3.0. Security researchers had identified 238 vulnerabilities, of which 102 vulnerabilities were rated high or critical and designated for immediate remediation.
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session.
The ALPACA attack is not fundamentally new. This attack is only possible because TLS does not protect the source or destination IP and port address of the TCP connection. As is stated in the TLS RFC, TLS is application layer independent. However, this gap in protection gives the attacker the flexibility to redirect traffic from one server to another. ALPACA will be presented at Black Hat USA 2021 and at USENIX Security Symposium 2021.
This vulnerability (CVE-2021-3560) enables an unprivileged local user to get a root shell on the system. The « bug » was introduced 7 years ago. Many of the most popular #Linux distributions didn't ship the vulnerable version until more recently.
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
yaracroft recommande :
