■■■□□ #India 🇮🇳: Delhi Police Has Tools To Extract Data From Smartphones, Including iPhones.
https://www.medianama.com/2020/12/223-exclusive-delhi-police-has-tools-extract-data-from-smartphones-iphones/
MEDIANAMA
Exclusive: Delhi Police has tools to extract data from smartphones, including iPhones
Delhi Police has the tools to extract data from locked smartphones, including iPhones, but their effectiveness remains under question.
cKure
■■□□□ While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor. Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale…
■■■□□ SUNBURST, TEARDROP and the NetSec New Normal.
https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal
■■■□□ #DataLeak: Microsoft Azure breach left thousands of customer records exposed.
https://www.techradar.com/amp/news/microsoft-azure-breach-left-thousands-of-customer-records-exposed
TechRadar
Thousands of customer records exposed after serious data breach
Yet another instance of an unsecured storage exposing customer data.
■□□□□ What We Have Learned So Far about the “Sunburst”/SolarWinds Hack
https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack
Fortinet Blog
What We Have Learned So Far about the “Sunburst”/SolarWinds Hack
Recently, it was reported that a nation-state threat actor infiltrated a number of organizations. FortiGuard Labs has worked to uncover details on the attack to ensure our customers are protected. …
cKure
■■■■□ CitizenLab report on the NSO group hack. https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
YouTube
Al Jazeera journalists hacked using Israeli firm’s spyware
Dozens of journalists at Al Jazeera Media Network were targeted this year by advanced spyware sold by an Israeli firm in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog said.
Citizen Lab’s…
■□□□□ SolarWinds Solorigate.
The notice [PDF] says that FireEye notified the network management biz's CEO (who had only been on the job for three days) of a serious security issue on 12 December. But by then the SUNBURST malware had already spread to around 18,000 customers.
■□□□□ AST-2020-004: Remote crash in res_pjsip_diversion.
http://seclists.org/fulldisclosure/2020/Dec/46
seclists.org
Full Disclosure: AST-2020-004: Remote crash in res_pjsip_diversion
■□□□□ Uninstall Programs on Windows 10 via Command Prompt's wmic.
https://www.howtogeek.com/702540/how-to-uninstall-a-program-on-windows-10-from-command-prompt/amp/
How-To Geek
How to Uninstall a Program on Windows 10 from Command Prompt
If you’re using Windows 10 and need to free up some disk space, you can uninstall apps you no longer use straight from the Command Prompt. Here’s how it’s done.
■■□□□ SilkRoad archives:
https://www.infosecurity-magazine.com/news/silk-road-shut-down-and-dread-pirate-roberts/
Infosecurity Magazine
Silk Road Shut Down, and Dread Pirate Roberts Arrested
Silk Road is perhaps the most infamous illicit marketplace on the hidden (dark) web. It has been seized and shut down by the feds, and its owner, allegedly Ross William Ulbricht (aka Dread Pirate Roberts), has been arrested.
■■■□□ New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices.
No wild exploitation detected. 🇮🇱
#Zeroday #0day
https://thehackernews.com/2020/12/new-critical-flaws-in-treck-tcpip-stack.html
■■■■■ Golden SAML: Attack Technique Forges Authentication.
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Cyberark
Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
CyberArk Labs discovered a new attack vector, dubbed “golden SAML,” which allows an attacker to authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism.
■■■□□ Joker’s Stash .Bazar Site Allegedly Seized By Law Enforcement.
● Well don't know what this is then: https://jstash-bazar.cm
https://thehackernews.com/2020/12/law-enforcement-seizes-jokers-stash.html
■■■■■ Cookie Tossing to RCE on Google Cloud JupyterLab.
https://blog.s1r1us.ninja/bug-bounty/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
blog.s1r1us.ninja
s1r1us - cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
Blog Location changed to here : https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
■■■■■ #AirGap: Keytap2 - acoustic keyboard eavesdropping based on language n-gram frequencies.
https://github.com/ggerganov/kbd-audio/discussions/31
GitHub
Keytap2 - acoustic keyboard eavesdropping based on language n-gram frequencies · ggerganov kbd-audio · Discussion #31
Introduction Keytap is my hobby project for acoustic keyboard eavesdropping. In short, it works like this: Train an algorithm with the sounds that a specific keyboard emits when pressing its keys R...
■■■□□ Ransomware delivery via hastebin.
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/negasteal-uses-hastebin-for-fileless-delivery-of-crysis-ransomware
Trendmicro
Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
We discovered a Negasteal variant that uses hastebin to filelessly deliver Crysis ransomware to the victim's system.
■■■□□ Windows zero-day with bad patch gets new public exploit code.
https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/ | #Zeroday #0day
BleepingComputer
Windows zero-day with bad patch gets new public exploit code
Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.
■□□□□ #NorthKorea 🇰🇵 is trying to steal #COVID19 Vaccine data files.
https://thehackernews.com/2020/12/north-korean-hackers-trying-to-steal.html
■■■■□ Malicious Word Document Delivering an Octopus Backdoor 🐙 that does not use macros but two embedded object files that require user interaction (clicks).
https://isc.sans.edu/diary/rss/26918
■□□□□ #CyberWar: #Iran 🇮🇷 behind pro-Trump ‘enemies of the people’ doxing site, says FBI, #UnitedStates 🇺🇸.
https://www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/
BleepingComputer
FBI: Iran behind pro-Trump ‘enemies of the people’ doxing site
Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.