The database leaked from the (last year?) Airtel breach was leaked "de-hashed" today, and I'm astonished by this WTF practice: about 18k users (out of 42k) have the exact same password: Airtel@123
I've been playing today with the Citrix Secure Access Windows client and to my surprise it's a webview-driven app that holds its authentication state using... a cookie that can be extracted from memory with no special privileges. The cookie can then be used to access the web portal.
New technique for bypassing EDRs with EDR-Preloading.
Tldr: blocking the EDR from loading its DLL into a process, preventing the deployment of user-land hooks.
4TB of proprietary data from 🇮🇱 @Cellebrite (Cellebrite Mobilogy & Cellebrite TFS backup) leaked by an anonymous source.
Notably, Cellebrite Mobilogy shares code with Cellebrite Universal Forensics Extraction Device or Cellebrite UFED, used by law enforcement agencies.
Well done h4x0rz you got the attention of 90% of Twitter for two days.
The community will indeed have a field day unfollowing all of your accounts...
#KasperskyLeakFail
:)
I'll be releasing soon the source code of a #ransomware simulator with the following capabilities:
- AES encryption of a given number of files with given extensions
- FTP/SMTP exfiltration
- Shadow copy create/delete + some LOLBins
- Ransom note dropping
- Logging
I extracted the bitcoin wallet addresses from the affected ESXi hosts (315 indexed by Shodan at the moment of pulling them); feel free to PR and add new ones.
Because we all love graphs.
Just discovered this open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs.
Here is the code of my #Ransomware simulator:
I ended up replacing AES with simple XOR.
- Exfiltrating Documents (SMTP and/or FTP)
- Creating/Deleting Volume Shadow Copies
- Encrypting documents
- Dropping a ransomware note to the user's desktop
I made a single JSON file from the iSoon/Anxun leak (that you can grab from here () The very first analysis shows that the two key figures are lengmo and Shutd0wn:
Quite disturbing to notice that by only "ticking" "Produce a single file" when publishing a .net core assembly, most EDRs stop detecting even very basic msfvenom reverse shells!
CS was completely blinded, S1 killed the process once co established.
Ok, the thrill is gone: #raidforums was seized by the #FBI, which means that the FBI is into phishing now lol
The NS domains were used in previous cases:
@Cyberknow20
@SOSIntel
A threat actor is selling what could be the most significant leak of the Shanghai GOV () National Police Database.
From the sample, it smells like a poorly protected API...
The second opsec failure from the APT dudes: the email 576514445@qq[.]com was used to register an account on Hiapk.
Hiapk was breached maybe around 2014; this APT dude used "VBULLETIN" as a password :(
1/2
Working on a shellcode injector that will download the SC and inject it either into a process or into the running process, with the capability of decrypting it (AES) if the key is provided. Managed to unhook stuff and patch AMSI/ETW. Windows Defender is bypassed at this stage.
I am appalled by the absurdity and cruelty of what happened. I am sorry #MonsieurPaty, I am sorry #ConflansSainteHonorine. I sincerely share in this pain, this grief and this incomprehension. The idea will never die. Rest in peace Mr Paty.
The "cyber incident" announced by the German-based independent manufacturer of power semiconductor components SEMIKRON is a ransomware attack carried out by the #LV group. 2Tb of data allegedly stolen.
@ransomwaremap
@cyber_etc
@ValeryMarchive
The supposed #Bitcoin address used by #Lapsus received a total of 3,790.62159317 BTC ($160,262,780.59)... I have to admit that extortion works :)
BTC wallet hint from @HaboubiAnis
A threat actor seems to specialize in selling access to GOV emails of these countries:
France 🇫🇷, India 🇮🇳, Malaysia 🇲🇾, Nigeria 🇳🇬, Pakistan 🇵🇰 and Vietnam 🇻🇳
Proof of concept for a bug that allows any user to crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain.
I processed the image files from the ISOON/Anxun leak (using Tesseract OCR); the result is probably approximate but you can grab it here …. Now working on translating the stuff locally using facebook/mbart-large-50-many-to-many-mmt, will take some time.
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
#Lockbit operator accuses a user named Alan Wake (the sponsor of the new xss contest) of being the leader of #Conti and the new #BlackBasta #ransomware.
There are whispers about the Lockbit operator being blocked on xss, and according to him, if blocked, he will create his own forum
Today’s Theme is vulnerability 👀
Akamai researchers have discovered a vuln in Windows Themes that can trigger an authentication coercion, with almost zero user interaction.
The user views the file, and Explorer sends SMB packets with credentials.
Full post:
China’s Ministry of State Security (MSS) has claimed that the NSA infiltrated servers belonging to Chinese tech company Huawei as far back as 2009.
Source :
Catho (a job search portal) based in Barueri, Brazil. Catho Online Ltda. operates as a subsidiary of Brasil Online Holdings Coperatief U.A. It suffered a massive data breach impacting 10.7M users.
The leak contains name, login, email and password, and is being sold for $2k.
After successfully locking Oil India, the #ransomware group trying to impersonate REvil (or maybe REvil ?!) added a new victim to their blog: Visotec Group.
I'll be calling them useransom.187201 until an "official" name is given to them.
@ValeryMarchive
@SOSIntel
@ransomwaremap
#Entrust vs #Lockbit is a very curious case..
From the chat log timestamps, the negotiations started two months ago (29/06) and for some reason, after offering 1M$ (saving time?), Entrust stopped negotiating on the 13/07.
FYI: The initial ransom was 8M$, then dropped to 6,8M$.