Malware News
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Creating a lightweight malware Scanner
Dear Cybersecurity experts,
I worked at a company where a lot of people would come by with their personal USB drives and use them to load documents onto computers inside the corporate network. These computers were outside of the internet and had no antivirus, meaning that if a virus were loaded onto one using a USB drive it could damage the machine easily. Nobody ever checked the content of the USB drives before connecting them.

To prevent this, I came up with the simple solution of creating an application for the Raspberry Pi. The Raspberry Pi had a touchscreen, so when the user brought his USB drive, he would connect it to the Raspberry Pi, select it on the touchscreen and let the app verify it. After the application confirmed that the USB drive was clean, the user was allowed to connect it to the server. Even if a virus happened to infect the Raspberry Pi (very unlikely), it was easier to replace than a computer.

Since the Raspberry Pi 3 I used for the project didn't have that many resources to work with, the virus scanner I created was very simple and only used MD5 hashes to check for viruses. It compared each hashed file with a database and that's it. On one hand it's a very fast and lightweight approach, on the other hand it's not very secure.

So, since I'm not a security expert myself, I wanted to ask you if you know any other systems I might use to check a file without using up too much resources. Sandboxing a file, for example, is probably not possible with just about 1 GB of RAM.

If you want to check it out, my project is open-source: Raspirus

I used the signatures in MD5 format from Virusshare for my database.
🗣Benben377
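The post describes the core of the scanner: hash every file on the drive and look the digest up in a signature database. The block below is an added example written for this thread, not code from the Raspirus project. It streams files in fixed-size chunks so memory stays flat on a 1 GB device, computes MD5 and SHA-256 in one pass, parses a one-hash-per-line list (the `#` comment header is an assumption about the VirusShare list format), and adds a minimal byte-pattern rule to show what exact-hash matching misses: a sample with a single byte changed has a new hash but still contains the same marker string. The sample files, the `CONSTRUCTED-MARKER-STRING` marker and the rule name are all constructed for the demo.

```python
"""Lightweight file scanner: hash-set lookup plus a minimal byte-pattern rule.

Added example for the thread above; not the Raspirus project's code.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Set, Tuple

CHUNK_SIZE = 64 * 1024  # stream files in 64 KiB pieces; keeps RAM use flat


def hash_file(path: str) -> Dict[str, str]:
    """Compute MD5 and SHA-256 of a file in one pass without loading it whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def load_hash_list(lines: Iterable[str]) -> Set[str]:
    """Parse a one-hash-per-line list; '#' lines are skipped (assumed list format).

    Only the first token of each line is used and it is lower-cased, so a list
    that writes digests in upper case still matches hashlib's lower-case output.
    """
    digests: Set[str] = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digests.add(line.split()[0].lower())
    return digests


def file_contains(path: str, pattern: bytes) -> bool:
    """Streaming substring search; the overlap tail catches a pattern that
    straddles a chunk boundary."""
    keep = len(pattern) - 1
    tail = b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            buf = tail + chunk
            if pattern in buf:
                return True
            tail = buf[-keep:] if keep else b""
    return False


def scan_tree(root: str, md5_set: Set[str], sha256_set: Set[str],
              rules: Dict[str, bytes]) -> List[Tuple[str, List[str]]]:
    """Walk a mounted drive and report every file that hits a hash or a rule."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            digests = hash_file(path)
            reasons = []
            if digests["md5"] in md5_set:
                reasons.append("md5-match")
            if digests["sha256"] in sha256_set:
                reasons.append("sha256-match")
            for rule_name, pattern in rules.items():
                if file_contains(path, pattern):
                    reasons.append("rule:" + rule_name)
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


# Constructed sample content: a "known" file and a one-word variant of it.
KNOWN_SAMPLE = b"CONSTRUCTED-MARKER-STRING: this is a harmless sample file\n"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"harmless", b"modified")
RULES = {"constructed_marker": b"CONSTRUCTED-MARKER-STRING"}


def demo() -> List[Tuple[str, List[str]]]:
    """Build a throwaway 'USB drive' with three files and scan it."""
    hash_list_text = (
        "# constructed MD5 list (header comment in the assumed list format)\n"
        + hashlib.md5(KNOWN_SAMPLE).hexdigest().upper() + "\n"
    )
    md5_set = load_hash_list(hash_list_text.splitlines())
    sha256_set = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for name, content in (("readme.txt", b"hello\n"),
                              ("known_sample.bin", KNOWN_SAMPLE),
                              ("variant.bin", VARIANT_SAMPLE)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_tree(root, md5_set, sha256_set, RULES)


if __name__ == "__main__":
    for rel_path, reasons in demo():
        print(rel_path, ", ".join(reasons))
```

Running it flags `known_sample.bin` on both hashes and the rule, while `variant.bin` is caught only by the rule; `readme.txt` is clean. That is the practical limit of a hash-only database: any change to the file, deliberate or not, defeats the lookup, which is why a pattern-based layer such as YARA is the usual next step on top of hash matching.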

You could possibly try some sort of YARA implementation.

YARA:

https://virustotal.github.io/yara/

more resources and rule sets:

https://github.com/InQuest/awesome-yara
👀_hudsn


🎖@malwr
Reconnaissance Tools | Part 1 | TryHackMe Red Team Recon
In this video walk-through, we covered the first part of passive and active reconnaissance basics and tools. We covered DNS reconnaissance using tools such as dig, whois, nslookup in addition to online tools such as threat intelligence platforms. This was part of TryHackMe Red team pathway.

Video is here

Writeup is here
🗣MotasemHa


🎖@malwr
How do you get a debit/credit card without linking it to you?
For Ops Sec purposes:
- how will you get a debit/credit card or whatsoever that you can use to pay for AWS etc without having it traced back to you?

P.S.: Legal methods only please. Please don’t suggest buying off credit card details from dumps etc.
🗣Huang_Hua

The way you’re asking this question is most certainly for nefarious based purposes. Most threat actors will use compromised aws accounts or buy cc dumps.
👀AstroBoy1337

If you are doing legal and authorized testing, this is not necessary. As others have suggested, it is actually better to identify yourself to these services so they know that you aren't a real threat actor - otherwise, if they suspend your account, you have bigger problems. They will be more likely to reach out if your information is legit and verifiable. I even use a +pentest alias in my contact email address.

For sketchier services (like residential proxy providers, in my experience) you can use something like Privacy.com, or use crypto if they accept it. The circumstances where you have to consider a service provider in your threat model as an authorized red teamer are few and far between.
👀DoctorGasbag

Buy a cash card from Walmart or Le Target Boutique (Target). You hand them cash, they will activate it there, and you can use that for subsequent online transactions executed over a VPN. Those don't work with Azure but *shrugs* there are plenty of other providers that they do work with. I haven't tried them with AWS.
👀CellUpper5067


🎖@malwr
👍4