cKure
PoC of proxylogon chain SSRF(CVE-2021-26855).py
■□□□□ ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks.
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html
■■■■■ Browser exploit via side channel attack: Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled.
"This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system."
https://arxiv.org/abs/2103.04952
https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
cKure
■□□□□ 📢 Hackers Are Targeting Microsoft Exchange Servers With Ransomware.
■■■□□ New DEARCRY Ransomware is targeting Microsoft Exchange Servers.
https://www.bleepingcomputer.com/news/security/new-dearcry-ransomware-is-targeting-microsoft-exchange-servers/
BleepingComputer
DearCry ransomware attacks Microsoft Exchange with ProxyLogon exploits
Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.
■□□□□ Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln.
On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed code, to the alarm of security researchers.
■□□□□ 7-Zip developer releases the first official Linux version.
https://sourceforge.net/p/sevenzip/discussion/45797/thread/cec5e63147/
cKure
■□□□□ In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. https://www.bleepingcomputer.com/news/technology/ovh-data-center-burns-down-knocking-major-sites-offline/
■□□□□ OVH data center fire likely caused by faulty UPS power supply.
■■■■□ Giant fire takes Down Government Hacking Infrastructure.
https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure
VICE
Giant Datacenter Fire Takes Down Government Hacking Infrastructure
A fire at a European datacenter has had some impact on the infrastructure used by several government and criminal hacking groups, according to Kaspersky Lab.
■■■■■ Regexploit tool unveiled with a raft of ReDoS bugs already on its resume.
https://portswigger.net/daily-swig/regexploit-tool-unveiled-with-a-raft-of-redos-bugs-already-on-its-resume
The Daily Swig | Cybersecurity news and views
Regexploit tool unveiled with a raft of ReDoS bugs already on its resume
Optional whitespaces were ‘a recurring source of vulnerabilities’ in regex implementations
■■■■□ #Russia 🇷🇺: A new version of the Darkside ransomware (v2.0) variant which its creators claim will feature faster encryption speeds, VoIP calling and virtual machine targeting.
https://mobile.twitter.com/3xp0rtblog/status/1369727242562134017
https://www.infosecurity-magazine.com:443/news/darkside-20-ransomware-fastest/
X (formerly Twitter)
3xp0rt (@3xp0rtblog) on X
#Malware #Ransomware #DarkSide
New DarkSide 2.0 is out. The new version concentrated on speed and new service features. DarkSide 2.0 became fastest for 2 minutes than concurrent. Other changes refer to panel and service. See screenshots for detailed information.
■■□□□ Statement from Microsoft's Security Team wrt. Exchange ransomware DearCry.
https://mobile.twitter.com/MsftSecIntel/status/1370236539427459076
X (formerly Twitter)
Microsoft Threat Intelligence (@MsftSecIntel) on X
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.
● This exchange fix (https://t.me/cKure/7146) works for Microsoft Defender users and not custom EDR solutions.
■■■■■ A decent way to bypass XSS filters, rather WAFs.
https://mobile.twitter.com/0dayCTF/status/1370187588385058819
● Yet another website: aem1k.com/aurebesh.js [JavaScript obfuscation utility]
cKure
PoC of proxylogon chain SSRF(CVE-2021-26855).py
● Currently, there are over 80,000 servers exposed to DearCry ransomware. And exploit code is public (t.me/cKure/7129).
I assume that every hacker (black / white) is busy in their own ways.
Telegram
cKure
■■■■□ PoC of proxylogon chain SSRF(CVE-2021-26855) | not tested.
■□□□□ #DataLeak: Apple 🍎 is suing a former employee who it claims leaked company trade secrets to a media outlet for over a year for his own personal gain.
Former advanced materials lead and product design architect Simon Lancaster is accused of abusing his position to access information outside of his job scope. He allegedly exchanged the data he stole for payment and positive media coverage of a startup business.
https://www.infosecurity-magazine.com:443/news/apple-sues-employee-for-stealing/
Infosecurity Magazine
Apple Sues Employee for Stealing Trade Secrets
Former Apple materials lead sued after allegedly leaking trade secrets to media