#Ukraine, #CyberSecurity, #infosecurity
The Government is overselling the #Diia application trying to convince the Ukrainian citizens that it is the one and
only means of the State e-services provision. What’s Wrong with Diia?
https://0.hckd.xyz/GJWRh (Pdf, EN)
Is #Ukraine ready for future #cyberattack's? I thought I answered that question. https://euromaidanpress.com/2022/02/10/is-ukraine-ready-for-future-cyberattacks-dont-hold-your-breath-experts-say/
#Vulnerability data published by #NIST reveals that #Zimbra accumulated 23 severe and critical vulnerabilities since 2019. At this moment I think: Ukrainian gov. & mil. segment will stop using Zimbra or Russian #APT`s will take on board this new technics? Whichever occurs first?
#0day #XSS in #Zimbra 8.8.15 (P29 & P30), that has been used in (Chinese?) targeted spear-phishing campaigns against EU gov. Threat actor currently tracked by the Volexity as #TEMP_Heretic and attributed as Chinese-based by indirect evidence without linked to previously known #APT`s. Tech report with IOCs by Volexity: https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
CVE in #Log4j 1.2.x Especially for #Zimbra who keep sticking your head in the sand. https://logging.apache.org/log4j/1.2/
Kir
boosted
today corp bullshit
Before Christmas the parent corp sent its employees a FedEx with a multipage letter letting us know how terrific the company is. Attached to the packet with a paperclip was a crisp new $100 bill. I looked at my most recent pay stub and discovered that the $100 is actually mine. They deducted my Christmas gift from my own paycheck!
#attack13 / #WhisperGate All-in-One YARA-rules, tools, samples, papers: https://lab.dobergroup.org.ua/-/snippets/41
Kir
boosted
Destructive malware targeting Ukrainian organizations: technical blog post by #MSTIC : https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Kir
boosted
Samples of #WhisperGate (VXUG) aka #attack13 (DG) aka DEV-0586 (MSTIC) - the MBR Overwriter targeting Gov #Ukraine https://samples.vx-underground.org/APTs/2022/2022.01.15/Samples/ (pass "infected")
Kir
boosted
New official version: not a #vulnerability in OctoberCMS but supply chain attack. https://cip.gov.ua/ua/news/derzhspeczv-yazku-z-yasuvala-yak-khakeri-zlamali-saiti-derzhustanov-sho-stalosya (currently UA only, sorry). Company not named, but rumored to be Kitsoft Ukraine
Kir
boosted
CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace
Kir
boosted
15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.
CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace
15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.
Kir
boosted
More Russian Cyber Operations against Ukraine https://www.schneier.com/blog/archives/2022/01/more-russian-cyber-operations-against-ukraine.html #Uncategorized #cyberwar #Ukraine #Russia
#APT's and #CyberCrime analyst
Joined Dec 2018
