cKure
■■■■□ VMware confirms breach in SolarWinds hacking campaign. https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/
■■■□□ List of organizations hacked so far in the SolarWinds supply chain ⛓ exploit.
https://www.zdnet.com/article/partial-lists-of-organizations-infected-with-sunburst-malware-released-online
ZDNet
Partial lists of organizations infected with Sunburst malware released online
As security researchers dig through forensic evidence in the aftermath of the SolarWinds supply chain attack, victim names are slowly starting to surface.
Red_Kangaroo.pdf
3.6 MB
■■■□□ Industry’s First Dynamic Analysis of 4 million
Publicly Available Docker Hub Container Images.
■■■■□ #BlueTeam: Incident response playbook for SolarWinds' backdoor Sunburst.
https://www.trustedsec.com/blog/solarwinds-backdoor-sunburst-incident-response-playbook/
TrustedSec
SolarWinds Backdoor (Sunburst) Incident Response Playbook
SolarWinds Orion servers should be forensically preserved, if possible, to allow forensic examination. User Activity The accounts mentioned below include…
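The playbook preview above starts with preserving Orion servers and reviewing accounts; before either, an analyst needs the list of hosts that beaconed. The hunt below is an added example, not part of the TrustedSec playbook. It matches DNS logs against avsvmcloud.com, the SUNBURST command-and-control domain published in FireEye's analysis, using a suffix check rather than a substring so that look-alike names do not match. The log line format and the sample lines are constructed for this example, and the leading label in them is a placeholder, not a real SUNBURST-generated value.

```python
"""Hunt DNS logs for SUNBURST command-and-control lookups.

Added example (not TrustedSec's). SUNBURST's first-stage beacon resolves a
generated subdomain of avsvmcloud.com (FireEye's published C2 domain); the
leading label encodes the victim domain, so grouping hits by that label and
by source host gives the set of Orion servers to preserve first.
Log format and sample lines are constructed for this example.
"""
import re
from collections import defaultdict

C2_PARENT = "avsvmcloud.com"

# Assumed (constructed) line format: "<timestamp> <client-ip> query <qname> <qtype>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)"
)


def parse_line(line):
    """Return the fields of one DNS log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_c2_lookup(qname, parent=C2_PARENT):
    """True only for the parent domain itself or a proper subdomain of it.
    A plain substring test would also match e.g. 'fakeavsvmcloud.com'."""
    q = qname.rstrip(".").lower()
    return q == parent or q.endswith("." + parent)


def hunt(lines, parent=C2_PARENT):
    """Map client IP -> list of C2 qnames it resolved (unparsable lines skipped)."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_c2_lookup(rec["qname"], parent):
            hits[rec["client"]].append(rec["qname"].rstrip(".").lower())
    return dict(hits)


def dga_labels(qnames):
    """Leading labels (the encoded part) of C2 qnames, deduplicated, order kept."""
    seen = []
    for q in qnames:
        label = q.split(".")[0]
        if label not in seen:
            seen.append(label)
    return seen


# Constructed sample log: two beacons from one host, one benign lookup,
# one look-alike domain that must not match, and one unparsable line.
SAMPLE_LOG = [
    "2020-12-13T04:01:22Z 10.1.2.3 query examplelabel.appsync-api.eu-west-1.avsvmcloud.com. A",
    "2020-12-13T04:01:23Z 10.1.2.3 query examplelabel.appsync-api.eu-west-1.avsvmcloud.com. A",
    "2020-12-13T04:02:00Z 10.1.2.4 query www.example.com. A",
    "2020-12-13T04:02:05Z 10.9.9.9 query fakeavsvmcloud.com. A",
    "garbage line",
]

if __name__ == "__main__":
    for client, names in hunt(SAMPLE_LOG).items():
        print(client, dga_labels(names))
```

Each client in the result is a candidate Orion server to image before anything else is touched; the collected labels are what you would feed to one of the published decoders to confirm which victim domain was encoded.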
■■■■□ #CyberWar via #Zeroday: Zero-click iOS zero-day found deployed against #Qatar 🇶🇦 based Al Jazeera employees / journalists. The spyware was created by #Israel 🇮🇱 based NSO Group and supplied to various nation-state customers. https://www.zdnet.com/article/zero…
■■■■□ CitizenLab report on the NSO group hack.
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
The Citizen Lab
The Great iPwn
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute…
■■■□□ Trukno: "On A Mission To Deliver Cyber Intelligence, Not Cyber News".
https://www.ehackingnews.com/2020/12/trukno-on-mission-to-deliver-cyber.html
■□□□□ HRS / HTTP Request Smuggling Detection Tool.
https://hackbotone.medium.com/http-request-smuggling-detection-tool-36ed4bff359c
Medium
HTTP Request Smuggling Detection Tool
What is HTTP Request Smuggling?
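Request smuggling is a disagreement between two HTTP parsers about where one request ends. The block below is an added example, not the detection tool from the linked post: it implements two minimal HTTP/1.1 framers, one that trusts only Content-Length (the vulnerable front-end) and one that honours Transfer-Encoding: chunked (the back-end), feeds both the classic CL.TE and TE.CL probe bodies, and shows the bytes the two sides disagree on. The host name is a placeholder.

```python
"""HTTP request smuggling modelled offline as a framing disagreement.

Added example; not the tool from the linked post. Two toy HTTP/1.1 framers
are given the same bytes: one trusts Content-Length and ignores
Transfer-Encoding, the other honours Transfer-Encoding: chunked. Where they
disagree about the end of the first request, the leftover bytes become the
prefix of the next request on one side only; that is the smuggled request.
"""


def _split_headers(buf):
    """Return (header_block, body_offset), or (None, None) if headers are incomplete."""
    end = buf.find(b"\r\n\r\n")
    return (None, None) if end == -1 else (buf[:end], end + 4)


def _header(block, name):
    """Value of the first header called `name` (case-insensitive); skips the request line."""
    for line in block.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def frame_by_content_length(buf):
    """Framer that only trusts Content-Length. Returns (requests, unconsumed bytes)."""
    reqs = []
    while buf:
        hdr, body = _split_headers(buf)
        if hdr is None:
            break
        end = body + int(_header(hdr, b"Content-Length") or b"0")
        if end > len(buf):
            break  # body not fully received yet
        reqs.append(buf[:end])
        buf = buf[end:]
    return reqs, buf


def frame_by_chunked(buf):
    """Framer that honours Transfer-Encoding: chunked, else falls back to Content-Length."""
    reqs = []
    while buf:
        hdr, body = _split_headers(buf)
        if hdr is None:
            break
        te = _header(hdr, b"Transfer-Encoding")
        if te and b"chunked" in te.lower():
            pos = body
            while True:  # walk chunks until the zero-size terminator
                eol = buf.find(b"\r\n", pos)
                if eol == -1:
                    return reqs, buf  # chunk-size line not fully received
                size = int(buf[pos:eol].split(b";")[0], 16)
                pos = eol + 2 + size + 2  # size line CRLF, data, trailing CRLF
                if size == 0:
                    break
            end = pos
        else:
            end = body + int(_header(hdr, b"Content-Length") or b"0")
        if end > len(buf):
            break
        reqs.append(buf[:end])
        buf = buf[end:]
    return reqs, buf


def cl_te_probe():
    """CL.TE: Content-Length covers the whole body; chunked framing stops after the
    0-chunk and leaves 'G' on the connection to prefix the next request."""
    body = b"0\r\n\r\nG"
    return (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(body) + body)


def te_cl_probe():
    """TE.CL: the chunked side consumes everything; the Content-Length side stops
    after the chunk-size line and then parses the chunk data as a second request."""
    smuggled = (b"GPOST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 10\r\n\r\nx=1")  # 10 == len(b"x=1\r\n0\r\n\r\n")
    size_line = b"%x\r\n" % len(smuggled)
    return (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(size_line)
            + size_line + smuggled + b"\r\n0\r\n\r\n")


def framing_disagreement(buf):
    """(bytes left over by the CL framer, bytes left over by the chunked framer)."""
    _, cl_left = frame_by_content_length(buf)
    _, te_left = frame_by_chunked(buf)
    return cl_left, te_left
```

A real detection tool sends these probes to a target and watches for the back-end to stall or to answer a request it was never explicitly sent; here the same payloads are run through both framers so the split can be inspected byte for byte. Appending an ordinary `GET /x HTTP/1.1` after `cl_te_probe()` makes the chunked side see `GGET /x`, which is the visible symptom the timing-based tools look for.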
■■□□□ #DataLeak: #UK 🇬🇧 firm NOW: Pensions tells 1.7 million customers a 'service partner' leaked their data all over 'public software forum'.
https://go.theregister.com/feed/www.theregister.com/2020/12/22/now_pensions_data_breach/
■■■□□ Law enforcement take down three bulletproof VPN providers.
https://www.zdnet.com/article/law-enforcement-take-down-three-bulletproof-vpn-providers/
ZDNET
Law enforcement take down three bulletproof VPN providers
The three VPN services provided safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers.
■■■■■ #Israel 🇮🇱 based hacking company Cellebrite claims to have cracked the encryption of Signal messenger.
https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/
Response from the creator of Signal:
https://mobile.twitter.com/moxie/status/1337434126186553345
Reference:
https://www.bbc.com/news/amp/technology-55412230
Screenshot_20201223-004909_Chrome.jpg
2.5 MB
■■■■■ Since the original blog post about the claim was taken down, here is a screenshot of the original post, along with an archive link for reference.
The exploit apparently works on Android only. We are assessing the technical details shared.
http://web.archive.org/web/20201210150311/https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/
■■■□□ Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554).
https://unit42.paloaltonetworks.com/cve-2020-8554/
Unit 42
Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)
A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways.
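CVE-2020-8554 comes down to two Service fields that kube-proxy turns into routing rules: spec.externalIPs, which any user allowed to create or update Services can set, and status.loadBalancer.ingress[].ip, which needs patch rights on services/status. Whoever can write either field can have traffic for that address delivered to their own pods. The audit below is an added example, not code from Unit 42 or the Kubernetes project: it walks the `items` list from `kubectl get services -A -o json` and reports any address in those fields that is not on an operator-maintained allow-list. The allow-list and the sample Service objects are constructed for the example.

```python
"""Audit Kubernetes Services for the fields CVE-2020-8554 abuses.

Added example; not Unit 42's or the Kubernetes project's code. Input is the
`items` list from `kubectl get services -A -o json`. Flags spec.externalIPs
and status.loadBalancer.ingress[].ip values that are not on an allow-list
of addresses the operator has actually assigned. Allow-list and sample
Services are constructed for this example.
"""
import ipaddress

# Assumed: the only addresses the cluster operator has handed out.
ALLOWED_IPS = {"198.51.100.10", "203.0.113.7"}


def _check_ip(service, field, ip, allowed, findings):
    """Append a finding if `ip` is malformed or not on the allow-list."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        findings.append({"service": service, "field": field, "ip": ip,
                         "reason": "not a valid IP address"})
        return
    if ip not in allowed:
        findings.append({"service": service, "field": field, "ip": ip,
                         "reason": "not in allow-list; kube-proxy routes traffic for it to this Service's pods"})


def audit_services(items, allowed=ALLOWED_IPS):
    """One finding per address a Service claims without operator approval."""
    findings = []
    for svc in items:
        meta = svc.get("metadata", {})
        name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec = svc.get("spec", {})
        for ip in spec.get("externalIPs") or []:
            _check_ip(name, "spec.externalIPs", ip, allowed, findings)
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        for entry in ingress:
            if entry.get("ip"):
                _check_ip(name, "status.loadBalancer.ingress[].ip", entry["ip"], allowed, findings)
    return findings


# Constructed sample, shaped like the `items` of `kubectl get svc -A -o json`.
SAMPLE_ITEMS = [
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"type": "ClusterIP", "externalIPs": ["198.51.100.10"]}},       # approved
    {"metadata": {"namespace": "dev", "name": "sneaky"},
     "spec": {"type": "ClusterIP", "externalIPs": ["10.0.0.53"]}},           # constructed: claims an internal server's address
    {"metadata": {"namespace": "dev", "name": "lb"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.44"}]}}},       # status IP nobody assigned
    {"metadata": {"namespace": "dev", "name": "plain"},
     "spec": {"type": "ClusterIP"}},                                          # nothing to flag
]

if __name__ == "__main__":
    for f in audit_services(SAMPLE_ITEMS):
        print(f"{f['service']}: {f['field']} = {f['ip']} ({f['reason']})")
```

The same allow-list is what an admission policy would enforce going forward; this script is the retroactive pass over Services that already exist, and the reason for each finding tells you whether to look for someone with Service write access or someone with services/status patch access.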
■■■□□ #India 🇮🇳: Delhi Police Has Tools To Extract Data From Smartphones, Including IPhones.
https://www.medianama.com/2020/12/223-exclusive-delhi-police-has-tools-extract-data-from-smartphones-iphones/
MEDIANAMA
Exclusive: Delhi Police has tools to extract data from smartphones, including iPhones
Delhi Police has the tools to extract data from locked smartphones, including iPhones but their effectiveness remains under question.
■■□□□ While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor. Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale…
■■■□□ SUNBURST, TEARDROP and the NetSec New Normal.
https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal
■■■□□ #DataLeak: Microsoft Azure breach left thousands of customer records exposed.
https://www.techradar.com/amp/news/microsoft-azure-breach-left-thousands-of-customer-records-exposed
TechRadar
Thousands of customer records exposed after serious data breach
Yet another instance of an unsecured storage exposing customer data.
■□□□□ What We Have Learned So Far about the “Sunburst”/SolarWinds Hack
https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack
Fortinet Blog
What We Have Learned So Far about the “Sunburst”/SolarWinds Hack
Recently, it was reported that a nation-state threat actor infiltrated a number of organizations. FortiGuard Labs has worked to uncover details on the attack to ensure our customers are protected. …
YouTube
Al Jazeera journalists hacked using Israeli firm’s spyware
Dozens of journalists at Al Jazeera Media Network were targeted this year by advanced spyware sold by an Israeli firm in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog said.
Citizen Lab’s…
6dd04fe2-7d10-4632-89f1-eb8f932f6e94.pdf
147.1 KB
■□□□□ SolarWinds Solorigate.
The notice [PDF] says that FireEye notified the network management biz's CEO (who had only been on the job for three days) of a serious security issue on 12 December. But by then the SUNBURST malware had already spread to around 18,000 customers.
■□□□□ AST-2020-004: Remote crash in res_pjsip_diversion.
http://seclists.org/fulldisclosure/2020/Dec/46
seclists.org
Full Disclosure: AST-2020-004: Remote crash in res_pjsip_diversion