Kir boosted

Samples of #WhisperGate (VXUG) aka #attack13 (DG) aka DEV-0586 (MSTIC) - the MBR Overwriter targeting Gov #Ukraine samples.vx-underground.org/APT (pass "infected")

Kir boosted

New official version: not a #vulnerability in OctoberCMS but supply chain attack. cip.gov.ua/ua/news/derzhspeczv (currently UA only, sorry). Company not named, but rumored to be Kitsoft Ukraine

Kir boosted

CVE-2021-32648 (Score 6.4) - attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE Publish Date: 26.08.2021
OctoberCMS Patch Commit Date: 07.04.2021
Total disgrace

Kir boosted

15 gov sites in Ukraine - all using OctoberCMS - have been defaced, incl Min of Foreign Affairs, Cabinet of Ministers, Min of Ed, Emergency Services, Treasury, Environmental Protection. Looks like the attackers used CVE-2021-32648 in all cases.

Kir boosted

My mom told me I could be anything I want when I grow up. Turns out this is called Identity Theft.

Kir boosted

I see the problem with groups not in that they "have been selling to everyone".
It is that they have NOT been selling to everyone, just to some obscure group of assholes they felt confident with.

Unusually cold temperatures (as for December) in the European part of Russia for a few days. Russian Ministry of Emergencies increased readiness preparedness in several regions due to freezing cold. Strictly along the line of the eastern border of . Ok, who will be the first to say Weather ?

Considering the fact that miners would go unnoticed for several months and worm itself is quiet enough... So this is not the end of
ioc.exchange/@gsc/107477757176

Kir boosted

#VXUnderground published a first worm sample that uses #Log4Shell to install a Monero miner.
Self-propagating #Mirai-bot identified by security researcher 1ZRR4H@twitter.com

A group of unidentified hackers have compromised one of the ’s email servers and have sent out a massive wave of spam emails containing a warning about a (fake) cyberattack that was allegedly taking place.
therecord.media/official-fbi-e

have aggregated a sample of Groups trojanized IDA Pro installer.

You can download it here: vx-underground.org/apts

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.