Since the beginning of 2020, Dutch and Belgian residents have been increasingly targeted by financially motivated cybercriminals looking to obtain access to their bank accounts. In many strikingly similar cases, fraudsters reach out to victims via email, SMS, or WhatsApp messages to deliver fake notifications containing malicious links pointing to a phishing site. Our researchers identified a Dutch-speaking criminal syndicate, codenamed Fraud Family by Group-IB, which develops, sells and rents sophisticated phishing frameworks to other #cyber criminals targeting users mainly in the Netherlands and Belgium. The phishing frameworks allow attackers with minimal skills to optimize the creation and design of #phishing campaigns to carry out massive fraudulent operations all the while bypassing 2FA. This blog post analyzes the methods and techniques used by Fraud Family's shady customers, Fraud Family's technical infrastructure, and their phishing panels.
Phishing software developer arrested - On Tuesday the police arrested a 24-year-old man from Arnhem. The 24-year-old suspect is alleged to have developed the software for so-called phishing panels.
According to data provided to The Block, #blockchain analytics firm Chainalysis Inc. (chainalysis.com) has confirmed over $208 million in #ransomware payouts thus far in 2021. In 2020, the firm confirmed $416,432 in ransomware payouts. 2021 will likely be bigger than 2020. #money
CVE-2021-33909 - We discovered a size_t-to-int conversion vulnerability in the #Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. We successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. Our exploit requires approximately 5GB of memory and 1M inodes; we will publish it in the near future. #vuln #informatique
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
CVE-2021-3438 - 16 Years In Hiding - Millions of #Printers Worldwide Vulnerable. This led to the discovery of a high-severity vulnerability in HP, Xerox, and Samsung printer driver #software that has remained undisclosed for 16 years. It affects millions of devices and likely millions of users worldwide. The vulnerability affects a very long list of over 380 different #HP and #Samsung printer models as well as at least a dozen different #Xerox products. #vuln #informatique
#Russia managed to disconnect itself from the global #Internet during tests in June and July 2021. The capability of physically disconnecting the Russian segment of the Internet was tested.
https://www.reuters.com/technology/russia-disconnected-global-internet-tests-rbc-daily-2021-07-22/
The Azure AD exploration framework has been updated.
PetitPotam - PoC - Gilles Lionel, a Paris-based French security researcher, has discovered a security flaw in the #Microsoft #Windows operating system that can be exploited to force remote Windows machines to authenticate and share their password hashes with an attacker.
PoC for CVE-2021-36934, which enables a standard user to retrieve the #Microsoft Windows SAM, Security, and Software #Registry #hives on #Windows 10 version 1809 or newer
Generic Signature Format for SIEM Systems - Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.
Kaseya obtains universal decryptor for #REvil #ransomware victims - it came from a secret « trusted third party »
Transnet (transnet.co.za): a #cyber attack has disrupted container operations at the South African port of Cape Town #logistics #cyber #threats #ransomware
The world's largest oil company, Saudi Aramco, was the victim in June 2021 of a major data leak of 1 terabyte of data, which the attackers put up for sale at 5 million dollars: the attackers got in through one of its subcontractors.
DUBAI, United Arab Emirates (AP) - Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand - likely came from one of its contractors. The Saudi Arabian Oil Co., better known as Saudi Aramco, told The Associated Press that it « recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors ». The #oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way. « We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture », Aramco said. A page accessed by the AP on the darknet - a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools - claimed the extortionist held 1,000 gigabytes worth of Aramco data. The global energy #industry has seen a ramp-up in #cyber attacks, with Colonial Pipeline becoming the most visible of late. #uae
https://apnews.com/article/technology-middle-east-business-religion-b449557e2db93e9e106cda6c085667e9
A few weeks ago, the American weekly The New Yorker published a staggering report on the cyberattacks carried out by the North Korean regime in every corner of the world. It reads like a science-fiction film.
https://www.journaldequebec.com/2021/07/21/cyberattaques-ou-declarations-de-guerre
The operator Orange is being held responsible for the maintenance of its infrastructure and its handling of the incident that severely disrupted emergency calls on 2 June 2021.
CVE-2021-36934 - 🥝 mimikatz v2.2.0 20210721 « Shadowcopies »
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile