Forwarded from cKure Red
Anonymous (Hacktivist group) sends a message to the Israeli leader and government amid ongoing attack on children of Palestine.
Story; part of Israel-Palestine Cyber-War.
https://youtu.be/BGcHzs9LKQE
■■■■□ Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects.
https://github.com/RapidDNS/Afuzz
■■■□□ Australian Ports Cyber Incident ‘Serious & Ongoing’, Says Govt.
The cyber incident that struck several major Australian ports late Friday evening is still unresolved according to government officials, and is likely to continue “for a number of days”.
DP World Australia, which operates major ports in Sydney, Melbourne, Brisbane and Fremantle, handling about half the goods that move in and out of the country, is investigating the breach but refused to give a timeline on the resumption of normal service.
■■□□□ Data-Leak from United States: MOVEit global security incident compromising 1.3 million records of entire state's population.
Information for Maine Residents and Impacted Individuals.
https://www.maine.gov/moveit-global-data-security-incident/
https://mashable.com/article/maine-moveit-ransomware-attack
■■■■□ Zero-Day: CVE-2023-36845 represents a notable PHP environment variable manipulation vulnerability that impacts Juniper SRX firewalls and EX switches. While Juniper has categorized this vulnerability as being of medium severity, in this article, we will elucidate how this singular vulnerability can be leveraged for remote, unauthenticated code execution.
https://github.com/kljunowsky/CVE-2023-36845
■■■■□ An unknown Threat Actor(s) claim to have compromised Coin Cloud.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. They allege to have data for individuals residing in the United States as well as Brazil.
They also claim to have stolen the source code to the entire backend of Coin Cloud.
Coin Cloud filed for Chapter 11 Bankruptcy in February, 2023.
Source: VX-Underground | 𝕏
■■■■□ Israel-Palestine Cyber-War update!
Iranian hackers launch malware attacks on Israel’s tech sector.
https://www.bleepingcomputer.com/news/security/iranian-hackers-launch-malware-attacks-on-israels-tech-sector/
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Forwarded from cKure Red
Top_C_C_Methods_1699929574.pdf
8.1 MB
● Command and control methods with details.
■■■■□ Tor / Darknet Links: Every website added to our repository has been verified as legitimate by an independent staff of Internet journalists from #DeepOnionWeb. Beware of unverified links that may lead to scams. DeepOnionWeb is one of the oldest and most reputable darknet news and links portals, used by thousands of people every day to safely access the darknet.
https://github.com/DeepWebOnion/darkweb-links
■■■■■ Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust.
https://c4ebt.github.io/2021/01/22/House-of-Rust.html
■■■□□ Cyber-Attack on UAE based company DP-World as it suffers a major cyber incident on its offshore offices in Australia 🦘
The attack disrupted port services. Up to 40% of the services were halted. Some operations were resumed after overnight efforts by tech teams.
The Australian government was involved in this incident.
https://edition.cnn.com/2023/11/13/tech/australia-dp-world-cyberattack-ports-intl-hnk/index.html
One of Australia’s biggest port operators has restarted some operations after a crippling cyberattack that led to a huge backup of cargo.
■■■■□ Disinformation: Telegram bot that deletes social media content critical of Israel is still functional a month after its creation.
Their statistics claim it is up to 60% successful in deleting articles (https://t.me/cKure/13183)
■■■■■ WhatsApp spy - logs online/offline events from ANYONE in the world.
https://github.com/jasperan/whatsapp-osint
■■■■□ Russia: Sandworm have breached Danish energy sector companies.
Very nice timeline analysis.
CVE-2023-28771 + CVE-2023-33009 + CVE-2023-33010
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf
■■■■□ New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs.
https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
■■■■□ CVE-2023-23583 (CVSS score: 8.8) allows escalation of privilege and/or information disclosure and/or denial of service via local access. Termed Reptar, the Intel CPU vulnerability impacts multi-tenant virtualized environments.
https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html
■■■■■ Zero-Day: VMware discloses critical VCD Appliance auth bypass with no patch.
https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.