cKure
■□□□□ In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. https://www.bleepingcomputer.com/news/technology/ovh-data-center-burns-down-knocking-major-sites-offline/
■□□□□ OVH data center fire likely caused by faulty UPS power supply.
cKure
■□□□□ OVH data center fire likely caused by faulty UPS power supply.
■■■■□ Giant fire takes Down Government Hacking Infrastructure.
https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure
https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure
VICE
Giant Datacenter Fire Takes Down Government Hacking Infrastructure
A fire at a European datacenter has had some impact on the infrastructure used by several government and criminal hacking groups, according to Kaspersky Lab.
■■■■■ Regexploit tool unveiled with a raft of ReDoS bugs already on its resume.
https://portswigger.net/daily-swig/regexploit-tool-unveiled-with-a-raft-of-redos-bugs-already-on-its-resume
https://portswigger.net/daily-swig/regexploit-tool-unveiled-with-a-raft-of-redos-bugs-already-on-its-resume
The Daily Swig | Cybersecurity news and views
Regexploit tool unveiled with a raft of ReDoS bugs already on its resume
Optional whitespaces were ‘a recurring source of vulnerabilities’ in regex implementations
■■■■□ #Russia 🇷🇺: A new version of the Darkside ransomware (v2.0) variant which its creators claim will feature faster encryption speeds, VoIP calling and virtual machine targeting.
https://mobile.twitter.com/3xp0rtblog/status/1369727242562134017
https://www.infosecurity-magazine.com:443/news/darkside-20-ransomware-fastest/
https://mobile.twitter.com/3xp0rtblog/status/1369727242562134017
https://www.infosecurity-magazine.com:443/news/darkside-20-ransomware-fastest/
X (formerly Twitter)
3xp0rt (@3xp0rtblog) on X
#Malware #Ransomware #DarkSide
New DarkSide 2.0 is out. The new version concentrated on speed and new service features. DarkSide 2.0 became fastest for 2 minutes than concurrent. Other changes refer to panel and service. See screenshots for detailed information.
New DarkSide 2.0 is out. The new version concentrated on speed and new service features. DarkSide 2.0 became fastest for 2 minutes than concurrent. Other changes refer to panel and service. See screenshots for detailed information.
cKure
■■■□□ New DEARCRY Ransomware is targeting Microsoft Exchange Servers. https://www.bleepingcomputer.com/news/security/new-dearcry-ransomware-is-targeting-microsoft-exchange-servers/
■■□□□ Statement from Microsoft's Security Team wrt. Exchange ransomware DearCry.
https://mobile.twitter.com/MsftSecIntel/status/1370236539427459076
https://mobile.twitter.com/MsftSecIntel/status/1370236539427459076
X (formerly Twitter)
Microsoft Threat Intelligence (@MsftSecIntel) on X
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.
cKure
■■□□□ Statement from Microsoft's Security Team wrt. Exchange ransomware DearCry. https://mobile.twitter.com/MsftSecIntel/status/1370236539427459076
● This exchange fix (https://t.me/cKure/7146) works for Microsoft Defender users and not custom EDR solutions.
■■■■■ A decent way to bypass XSS filters, rather WAFs.
https://mobile.twitter.com/0dayCTF/status/1370187588385058819
https://mobile.twitter.com/0dayCTF/status/1370187588385058819
cKure
■■■■■ A decent way to bypass XSS filters, rather WAFs. https://mobile.twitter.com/0dayCTF/status/1370187588385058819
● Yet another website: aem1k.com/aurebesh.js [JavaScritp obfuscation utility]
cKure
PoC of proxylogon chain SSRF(CVE-2021-26855).py
● Currently, there are over 80,000 servers exposed to DearCry ransomware. And exploit code is public (t.me/cKure/7129).
I assume that every hacker (black / white) is busy in their own ways.
I assume that every hacker (black / white) is busy in their own ways.
Telegram
cKure
■■■■□ PoC of proxylogon chain SSRF(CVE-2021-26855) | not tested.
■□□□□ #DataLeak: Apple 🍎 is suing a former employee who it claims leaked company trade secrets to a media outlet for over a year for his own personal gain.
Former advanced materials lead and product design architect Simon Lancaster is accused of abusing his position to access information outside of his job scope. He allegedly exchanged the data he stole for payment and positive media coverage of a startup business.
https://www.infosecurity-magazine.com:443/news/apple-sues-employee-for-stealing/
Former advanced materials lead and product design architect Simon Lancaster is accused of abusing his position to access information outside of his job scope. He allegedly exchanged the data he stole for payment and positive media coverage of a startup business.
https://www.infosecurity-magazine.com:443/news/apple-sues-employee-for-stealing/
Infosecurity Magazine
Apple Sues Employee for Stealing Trade Secrets
Former Apple materials lead sued after allegedly leaking trade secrets to media
■■■□□ #DataLeak: 150K Verkada camera feed hacked; also was advised by internal admins violating privacy of customers. Hacker detained.
https://securityboulevard.com/2021/03/150000-verkada-cams-hacked-but-it-gets-worse/
https://securityboulevard.com/2021/03/150000-verkada-cams-hacked-but-it-gets-worse/
Security Boulevard
150,000 Verkada Cams Hacked, but it Gets Worse
Countless employees and interns routinely had access to Verkada customers’ video feeds
cKure
● Currently, there are over 80,000 servers exposed to DearCry ransomware. And exploit code is public (t.me/cKure/7129). I assume that every hacker (black / white) is busy in their own ways.
■■■■■ Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon).
CVE-2021-27065
CVE-2021-26855
https://www.exploit-db.com/exploits/49637
CVE-2021-27065
CVE-2021-26855
https://www.exploit-db.com/exploits/49637
Exploit Database
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC). CVE-2021-27065CVE-2021-26855 . webapps exploit for Windows platform
■■□□□ BetterCap v2.30 released.
Change Log: https://github.com/bettercap/bettercap/releases/tag/v2.30
Change Log: https://github.com/bettercap/bettercap/releases/tag/v2.30
GitHub
Release v2.30 · bettercap/bettercap
Changelog
New Features
583a54c new: new c2 module, first draft
Fixes
32eee7d Fix bug in target parsing
17799c0 fix: updated readline, using syscall package instead of constants (fixes #776)
3ac5...
New Features
583a54c new: new c2 module, first draft
Fixes
32eee7d Fix bug in target parsing
17799c0 fix: updated readline, using syscall package instead of constants (fixes #776)
3ac5...
■■■■■ HEVD Exploit - Type confusion on Windows 10 RS5 x64.
https://kristal-g.github.io/2021/02/20/HEVD_Type_Confusion_Windows_10_RS5_x64.html
https://kristal-g.github.io/2021/02/20/HEVD_Type_Confusion_Windows_10_RS5_x64.html
Kristal’s Notebook
HEVD Exploit - Type Confusion on Windows 10 RS5 x64
Introduction Hey all! This is just me trying again to return my debt to the tech community and document some practical methods of exploitation on an updated Windows 10. This post is about Type Confusion vulnerability (arbitrary pointer call in this case)…
■■□□□ #Dridex spotted in #Poland 🇵🇱.
f67aaddc196878449d515e0c337828d8 Payload delivered from: /shahu66.com/rc62n0.rar c2: 162.241.44.26:9443 192.232.229.53:4443 77.220.64.34:443 193.90.12.121:3098
Source: https://mobile.twitter.com/pmmkowalczyk
f67aaddc196878449d515e0c337828d8 Payload delivered from: /shahu66.com/rc62n0.rar c2: 162.241.44.26:9443 192.232.229.53:4443 77.220.64.34:443 193.90.12.121:3098
Source: https://mobile.twitter.com/pmmkowalczyk
cKure
■■■□□ #DataLeak at Shirbit, #Israel 🇮🇱. The Black Shadow group has released an ultimatum to release entire dump to anyone who is willing to pay.
■■■■□ Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild.
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html #0day #Zeroday
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html #0day #Zeroday
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 89.0.4389.90 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list o...
■■■■■ Google has released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.
Exploit Code repo: https://github.com/google/security-research-pocs/tree/master/spectre.js
https://www.theregister.com/2021/03/12/google_spectre_code/
Exploit Code repo: https://github.com/google/security-research-pocs/tree/master/spectre.js
https://www.theregister.com/2021/03/12/google_spectre_code/
GitHub
security-research-pocs/spectre.js at master · google/security-research-pocs
Proof-of-concept codes created as part of security research done by Google Security Team. - google/security-research-pocs