To all my foreign friends.
This is . The capital of .
Today a war criminals strikes from the air at civilian building.
I call to your memory of 9/11, now Ukrainians have their own one.
I ask you to demand from your Government:
Close Ukrainian Sky Immediately!

, ,
The Government is overselling the application trying to convince the Ukrainian citizens that it is the one and
only means of the State e-services provision. What’s Wrong with Diia?
0.hckd.xyz/GJWRh (Pdf, EN)

We have seen massive but short-lived (~30 min.) the attack directed on Gov. banks (Privatbank, Oschadbank) and public military networks.

data published by reveals that accumulated 23 severe and critical vulnerabilities since 2019. At this moment I think: Ukrainian gov. & mil. segment will stop using Zimbra or Russian `s will take on board this new technics? Whichever occurs first?

Show thread

in 8.8.15 (P29 & P30), that has been used in (Chinese?) targeted spear-phishing campaigns against EU gov. Threat actor currently tracked by the Volexity as and attributed as Chinese-based by indirect evidence without linked to previously known `s. Tech report with IOCs by Volexity: volexity.com/blog/2022/02/03/o

Kir boosted

today corp bullshit 

Before Christmas the parent corp sent its employees a FedEx with a multipage letter letting us know how terrific the company is. Attached to the packet with a paperclip was a crisp new $100 bill. I looked at my most recent pay stub and discovered that the $100 is actually mine. They deducted my Christmas gift from my own paycheck!

Kir boosted
Kir boosted

Samples of #WhisperGate (VXUG) aka #attack13 (DG) aka DEV-0586 (MSTIC) - the MBR Overwriter targeting Gov #Ukraine samples.vx-underground.org/APT (pass "infected")

Kir boosted

New official version: not a #vulnerability in OctoberCMS but supply chain attack. cip.gov.ua/ua/news/derzhspeczv (currently UA only, sorry). Company not named, but rumored to be Kitsoft Ukraine

Kir boosted

CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace

Show thread
Kir boosted

15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.

CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace

Show thread

15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.

Kir boosted
Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.