📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #02/2024 is out! It includes the following and much more:
➝ 🔓 🎽 Halara probes breach after hacker leaks data for 950,000 people
➝ 🔓 💥 #Mandiant's X Account Was Hacked Using Brute-Force Attack
➝ 🔓 🇵🇾 #Paraguay warns of Black Hunt #ransomware attacks after Tigo Business #breach
➝ 🇺🇸 💸 US SEC’s X account hacked to announce fake #Bitcoin ETF approval
➝ 🔓 🇨🇦 Toronto Zoo: Ransomware attack had no impact on animal #wellbeing
➝ 🔓 Mortgage firm loanDepot #cyberattack impacts IT systems, payment portal
➝ 🇫🇮 💸 #Finland warns of Akira ransomware wiping NAS and tape #backup devices
➝ 🇩🇰 🇷🇺 #Sandworm probably wasn’t behind Danish critical infrastructure cyberattack, report says
➝ 🇺🇦 🇷🇺 Pro-Ukraine hackers breach Russian ISP in revenge for #KyivStar attack
➝ 🇫🇷 🇺🇸 French Computer Hacker Jailed in US
➝ 🇳🇬 ⚖️ Nigerian gets 10 years for laundering millions stolen from elderly
➝ 🇹🇷 Turkish Hackers Exploiting Poorly Secured #MSSQL Servers Across the Globe
➝ 🇹🇷 🇳🇱 Turkish #Cyberspies Targeting Netherlands
➝ ☁️ 🇪🇺 #Microsoft Lets Cloud Users Keep Personal Data Within #Europe to Ease #Privacy Fears
➝ 🇺🇸 🇨🇳 #AI is helping US spies catch stealthy Chinese hacking ops, #NSA official says
➝ 🇱🇧 ✈️ Beirut Airport Screens Hacked with Anti-Hezbollah Message
➝ 🇸🇦 Saudi Ministry exposed sensitive data for 15 months
➝ 🇬🇷 #Greece to Establish New Authority to Counter Cyber-Attacks
➝ 🩹 #Siemens, #SchneiderElectric Release First #ICS Patch Tuesday Advisories of 2024
➝ 🐍 ☁️ New #Python-based FBot Hacking Toolkit Aims at #Cloud and #SaaS Platforms
➝ 🦠 📺 #YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
➝ 🦠 🐧 #Linux devices are under attack by a never-before-seen worm
➝ 🦠 🇳🇱 Dutch Engineer Used Water Pump to Get Billion-Dollar #Stuxnet#Malware Into Iranian Nuclear Facility
➝ 🐡 🔐 DSA removal from #OpenSSH
➝ 🩹 #PatchTuesday
➝ 🐛 🔓 Actively exploited 0-days in #Ivanti VPN are letting hackers #backdoor networks
➝ 🔓 🔧 Hackers can infect network-connected wrenches to install ransomware
➝ 🇨🇳 🔓 #AirDrop cracked by #China, revealing phone number and email address of sender
➝ 🩹 #QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
➝ 🐛 🔓 KyberSlash attacks put #quantum#encryption projects at risk
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Censys assesses that Russian company Raccoon Security is a brand of NTC Vulkan, an IT company contracted by Russian intelligence to create offensive cyber tools. NTC Vulkan documents were leaked, and they detail project requirements contracted with the Russian Ministry of Defense, including in at least one instance for GRU Unit 74455, also known as Sandworm Team, according to Mandiant. Censys assesses with high confidence that the NTC Vulkan hosts, certificates, and domains identified in this report belong to the same NTC Vulkan, and that Raccoon Security, and its related domains, host, and certificates belong to the Moscow-based cybersecurity development brand of the same name. Links:https://censys.com/discovery-of-ntc-vulkan-infrastructure/ and see semi-related Mandiant article.
Denmark's CERT (SektorCERT) reported that 22 companies that operate parts of Danish energy infrastructure were compromised in a May 2023 coordinated attack, linked to SANDWORM actors. Sandworm is a state-sponsored APT publicly attributed to Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies (GTsST) by the U.S. government. The attackers leveraged a Zyxel vulnerability CVE-2023-28771 (9.8 critical) to gain control of the firewall. SektorCERT's incident response report includes a detailed analysis and timeline of the attack, recommendations and IOC. Link:https://media.licdn.com/dms/document/media/D4D1FAQG-Qsry8BH9dg/feedshare-document-pdf-analyzed/0/1699785104486?e=1700697600&v=beta&t=icNMQ-rDYgeSojoaax-1KpC7YrCF7MVtkrDClSFiKIY
@HonkHase
Finally read through the report. #SektorCERT is doing a great job describing what happened in an accessible way for non experts
What i really don't get my head around is that the attackers used a very new explore to join the devices to the #Mirai botnet AND there were IoCs pointing to #Sandworm. This doesn't make sense for me and i would like to understand more.