cKure
■■■■□ #Privacy: iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit. #0day / #zeroday https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html
■■■■□ #CyberWar via #Zeroday: Zero-click iOS zero-day found deployed against #Qatar 🇶🇦-based Al Jazeera employees / journalists.
The spyware was created by the #Israel 🇮🇱-based NSO Group and supplied to various nation-state customers.
https://www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/ | #0day
ZDNet
Zero-click iOS zero-day found deployed against Al Jazeera employees
Zero-day exploited a vulnerability in the iMessages app, patched in iOS 14.
■■□□□ US 🇺🇸 Indicts Former Zoom China Liaison for Doing PRC’s Bidding
A former China liaison at Zoom has been indicted by the US for interfering in meetings, monitoring users and fabricating evidence against them as per Beijing’s 🇨🇳 instructions.
https://www.infosecurity-magazine.com:443/news/us-indicts-former-zoom-china/ | #UnitedStates #China
Infosecurity Magazine
US Indicts Former Zoom China Liaison for Doing PRC’s Bidding
Employee accused of disrupting meetings to commemorate Tiananmen Square massacre
■■■■□ Watcher - Open Source Cybersecurity Threat Hunting Platform.
https://github.com/Felix83000/Watcher
GitHub
GitHub - thalesgroup-cert/Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
■■□□□ While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale, unrelated to the recent supply chain attack.
https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/
BleepingComputer
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
■■■■■ Solorigate/SolarWinds: Second hacking team was targeting SolarWinds at time of big breach https://mobile.reuters.com/article/amp/idUSKBN28T0U1
■■■■□ VMware confirms breach in SolarWinds hacking campaign.
https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/
BleepingComputer
VMware latest to confirm breach in SolarWinds hacking campaign
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks and said that the hackers did not make any attempts of further exploitation after gaining access through the deployed backdoor.
■■■□□ Zoom Exec Charged With Tiananmen Square Massacre Censorship.
https://securityboulevard.com/2020/12/zoom-exec-charged-with-tiananmen-square-massacre-censorship/
Security Boulevard
Zoom Exec Charged With Tiananmen Square Massacre Censorship
The Justice Department accuses a Zoom executive in China of conspiring to harass Americans and to leak their PII.
■■■□□ List of organizations hacked so far in the SolarWinds supply chain ⛓ exploit.
https://www.zdnet.com/article/partial-lists-of-organizations-infected-with-sunburst-malware-released-online
ZDNet
Partial lists of organizations infected with Sunburst malware released online
As security researchers dig through forensic evidence in the aftermath of the SolarWinds supply chain attack, victim names are slowly starting to surface.
■■■□□ Industry’s First Dynamic Analysis of 4 million Publicly Available Docker Hub Container Images.
(Attachment: Red_Kangaroo.pdf, 3.6 MB)
■■■■□ #BlueTeam: Incident response playbook for SolarWinds' backdoor Sunburst.
https://www.trustedsec.com/blog/solarwinds-backdoor-sunburst-incident-response-playbook/
TrustedSec
SolarWinds Backdoor (Sunburst) Incident Response Playbook
SolarWinds Orion servers should be forensically preserved, if possible, to allow forensic examination. User Activity The accounts mentioned below include…
■■■■□ CitizenLab report on the NSO group hack.
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
The Citizen Lab
The Great iPwn
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute…
■■■□□ Trukno: "On A Mission To Deliver Cyber Intelligence, Not Cyber News".
https://www.ehackingnews.com/2020/12/trukno-on-mission-to-deliver-cyber.html
■□□□□ HRS / HTTP Request Smuggling Detection Tool.
https://hackbotone.medium.com/http-request-smuggling-detection-tool-36ed4bff359c
Medium
HTTP Request Smuggling Detection Tool
What is HTTP Request Smuggling?
■■□□□ #DataLeak: #UK 🇬🇧 firm NOW: Pensions tells 1.7 million customers a 'service partner' leaked their data all over 'public software forum'.
https://go.theregister.com/feed/www.theregister.com/2020/12/22/now_pensions_data_breach/
■■■□□ Law enforcement take down three bulletproof VPN providers.
https://www.zdnet.com/article/law-enforcement-take-down-three-bulletproof-vpn-providers/
ZDNET
Law enforcement take down three bulletproof VPN providers
The three VPN services provided safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers.
■■■■■ #Israel 🇮🇱-based hacking company Cellebrite claims to have cracked the encryption of the Signal messenger.
https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/
Response from the creator of Signal:
https://mobile.twitter.com/moxie/status/1337434126186553345
Reference:
https://www.bbc.com/news/amp/technology-55412230
■■■■■ Since the original blog post about the claim was taken down, here is a screenshot of the original post, along with the archive link for reference.
(Attachment: Screenshot_20201223-004909_Chrome.jpg, 2.5 MB)
The exploit apparently works on Android only. We are assessing the technical details shared.
http://web.archive.org/web/20201210150311/https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/