Kir

/ All-in-One YARA-rules, tools, samples, papers: lab.dobergroup.org.ua/-/snippe

0
Kir boosted
GSC Research

Destructive malware targeting Ukrainian organizations: technical blog post by #MSTIC : microsoft.com/security/blog/20

Show thread
0
Kir boosted
GSC Research

Samples of #WhisperGate (VXUG) aka #attack13 (DG) aka DEV-0586 (MSTIC) - the MBR Overwriter targeting Gov #Ukraine samples.vx-underground.org/APT (pass "infected")

1
Kir

Naming from DG:

Show thread
0
Kir boosted
GSC Research

New official version: not a #vulnerability in OctoberCMS but supply chain attack. cip.gov.ua/ua/news/derzhspeczv (currently UA only, sorry). Company not named, but rumored to be Kitsoft Ukraine

0
Kir boosted
Kir

CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace

Show thread
1
Kir boosted
Kir

15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.

1+
Kir

CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace

Show thread
1
Kir

15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.

1+
Kir boosted
dispatch

More Russian Cyber Operations against Ukraine schneier.com/blog/archives/202 #Uncategorized #cyberwar #Ukraine #Russia

0
Kir

My mom told me i could be anything i want when i grow up. Turns out this is called Identity Theft.

0
Kir

, , ioc.exchange/@gsc/107516826470

0
Kir boosted
dispatch

Stolen Bitcoins Returned schneier.com/blog/archives/202 #cryptocurrency #lawenforcement #Uncategorized #cybercrime #bitcoin #theft #FBI

0
Kir

I see the problem with groups not in that they "have been selling to everyone".
It is that they have NOT been selling to everyone, just to some obscure group of assholes they felt confident with.

0
Kir

Unusual cold temperatures(as for December) in European part of Russia for few days. Russian Ministry of Emergencies increased readiness preparedness in several regions due to freezing cold. Strictly along the line of the eastern border of . Ok, who will be the first to say Weather ?

0
Kir

Considering the fact that miners would go unnoticed for several months and worm itself is quiet enough... So this is not the end of
ioc.exchange/@gsc/107477757176

0
Kir boosted
GSC Research

#VXUnderground published a first worm sample that uses a #Log4Shell to install Monero-miner.
Self-propagating #Mirai-bot identified by security researcher 1ZRR4H@twitter.com

1
Kir

fbi.gov/news/pressrel/press-re

Show thread
0
Kir

A group of unidentified hackers have compromised one of the ’s email servers and have sent out a massive wave of spam emails containing a warning about a (fake) cyberattack that was allegedly taking place.
therecord.media/official-fbi-e

1
Kir

have aggregated a sample of Groups trojanized IDA Pro installer.

You can download it here: vx-underground.org/apts

0
Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.

Resources

Developers

What is Mastodon?

infosec.exchange

More…