20231113_004030.jpg
43.1 KB
■■■■□ An unknown Threat Actor(s) claim to have compromised Coin Cloud.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. They allege to have data for individuals residing in the United States as well as Brazil.
They also claim to have stolen the source code to the entire backend of Coin Cloud.
Coin Cloud filed for Chapter 11 Bankruptcy in February, 2023.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. They allege to have data for individuals residing in the United States as well as Brazil.
They also claim to have stolen the source code to the entire backend of Coin Cloud.
Coin Cloud filed for Chapter 11 Bankruptcy in February, 2023.
Source: VX-Underground | 𝕏■■■■□ Israel-Palestine Cyber-War update!
Iranian hackers launch malware attacks on Israel’s tech sector.
https://www.bleepingcomputer.com/news/security/iranian-hackers-launch-malware-attacks-on-israels-tech-sector/
Iranian hackers launch malware attacks on Israel’s tech sector.
https://www.bleepingcomputer.com/news/security/iranian-hackers-launch-malware-attacks-on-israels-tech-sector/
BleepingComputer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Forwarded from cKure Red
Top_C_C_Methods_1699929574.pdf
8.1 MB
● Command and control methods with details.
■■■■□ Tor / Darknet Links: Every website added to our repository has been verified as legitimate by an independent staff of Internet journalists from #DeepOnionWeb. Beware of unverified links that may lead to scams. DeepOnionWeb is one of the oldest and most reputable darknet news and links portals, used by thousands of people every day to safely access the darknet.
https://github.com/DeepWebOnion/darkweb-links
https://github.com/DeepWebOnion/darkweb-links
■■■■■ Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust.
https://c4ebt.github.io/2021/01/22/House-of-Rust.html
https://c4ebt.github.io/2021/01/22/House-of-Rust.html
■■■□□ Cyber-Attack on UAE based company DP-World as it suffers a major cyber incident on its offshore offices in Australia 🦘
The attack disrupted port services. Up to 40% of the services were halted. Some operations were resume after overnight efforts by tech teams.
The Australian government was involved in this incident.
https://edition.cnn.com/2023/11/13/tech/australia-dp-world-cyberattack-ports-intl-hnk/index.html
The attack disrupted port services. Up to 40% of the services were halted. Some operations were resume after overnight efforts by tech teams.
The Australian government was involved in this incident.
https://edition.cnn.com/2023/11/13/tech/australia-dp-world-cyberattack-ports-intl-hnk/index.html
CNN
Australian ports resume some operations after major cyberattack | CNN Business
One of Australia’s biggest port operators has restarted some operations after a crippling cyberattack that led to a huge backup of cargo.
■■■■□ Disinformation: Telegram bot that deletes content from social media which show any content critical of Israel is still functional a month since creation.
Their statistics claim to bed up to 60% successful in deleting articles (https://t.me/cKure/13183)
Their statistics claim to bed up to 60% successful in deleting articles (https://t.me/cKure/13183)
■■■■■ WhatsApp spy - logs online/offline events from ANYONE in the world.
https://github.com/jasperan/whatsapp-osint
https://github.com/jasperan/whatsapp-osint
GitHub
GitHub - jasperan/whatsapp-osint: WhatsApp spy - logs online/offline events from ANYONE in the world
WhatsApp spy - logs online/offline events from ANYONE in the world - jasperan/whatsapp-osint
■■■■□ Russia: Sandworm have breached Danish energy sector companies.
Very nice timeline analysis.
CVE-2023-28771 + CVE-2023-33009 + CVE-2023-33010
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf
Very nice timeline analysis.
CVE-2023-28771 + CVE-2023-33009 + CVE-2023-33010
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf
GitHub
APT_REPORT/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf at master · blackorbird/APT_REPORT
Interesting APT Report Collection And Some Special IOC - blackorbird/APT_REPORT
■■■■□ New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs.
https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/
https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/
BleepingComputer
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
■■■■□ CVE-2023-23583 (CVSS score: 8.8) allow escalation of privilege and/or information disclosure and/or denial of service via local access. Termed Reptar; the Intel CPU vulnerability impacts multi-tenant virtualized environments.
https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html
https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html
■■■■■ Zero-Day: VMware discloses critical VCD Appliance auth bypass with no patch.
https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/
https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/
BleepingComputer
VMware discloses critical VCD Appliance auth bypass with no patch
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.
■■■■■ Data-Leak: Samsung says hackers accessed customer data during year-long data-breach.
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach/
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach/
TechCrunch
Samsung says hackers accessed customer data during year-long breach
Samsung confirmed hackers accessed the personal data of U.K.-based customers during a historical year-long breach of its systems.
■■■□□ Exploit for cve-2023-47246 SysAid RCE (shell upload).
https://github.com/W01fh4cker/CVE-2023-47246-EXP
https://github.com/W01fh4cker/CVE-2023-47246-EXP
GitHub
GitHub - W01fh4cker/CVE-2023-47246-EXP: exploit for cve-2023-47246 SysAid RCE (shell upload)
exploit for cve-2023-47246 SysAid RCE (shell upload) - W01fh4cker/CVE-2023-47246-EXP
■■□□□ A tool for carrying out brute force attacks against Office 365, with built-in IP rotation use AWS gateways.
https://github.com/nickzer0/RagingRotator
https://github.com/nickzer0/RagingRotator
GitHub
GitHub - nickzer0/RagingRotator: A tool for carrying out brute force attacks against Office 365, with built in IP rotation use…
A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways. - nickzer0/RagingRotator
■■■■■ Zero-Day: In a first, cryptographic keys protecting SSH connections stolen in new attack
An error as small as a single flipped memory bit is all it takes to expose a private key.
https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/2/
An error as small as a single flipped memory bit is all it takes to expose a private key.
https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/2/
Ars Technica
In a first, cryptographic keys protecting SSH connections stolen in new attack
An error as small as a single flipped memory bit is all it takes to expose a private key.
■■■■■ MetaFinder: Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata.
https://github.com/Josue87/MetaFinder
https://github.com/Josue87/MetaFinder
GitHub
GitHub - Josue87/MetaFinder: Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is…
Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata - Josue87/MetaFinder
Forwarded from cKure Red
An Indian hack-for-hire group targeted the United States, China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade.
The Appin Software Security (aka Appin Security Group), according to an in-depth analysis from SentinelOne, began as an educational startup offering offensive security training programs, while carrying out covert hacking operations since at least 2009.
https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html
https://thehackernews.com/2013/05/first-large-cyber-espionage-activity.html
The Appin Software Security (aka Appin Security Group), according to an in-depth analysis from SentinelOne, began as an educational startup offering offensive security training programs, while carrying out covert hacking operations since at least 2009.
https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html
https://thehackernews.com/2013/05/first-large-cyber-espionage-activity.html