Found 33 bookmarks
Custom sorting
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | Datadog Security Labs
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | Datadog Security Labs
  • In this post, we describe our in-depth investigation into a threat actor to which we have assigned the identifier MUT-1244. MUT-1224 uses two initial access vectors to compromise their victims, both leveraging the same second-stage payload: a *phishing campaign targeting thousands of academic researchers and a large number of trojanized GitHub repositories, such as proof-of-concept code for exploiting known CVEs. Over 390,000 credentials, believed to be for WordPress accounts, have been exfiltrated to the threat actor through the malicious code in the trojanized "yawpp" GitHub project, masquerading as a WordPress credentials checker. Hundreds of victims of MUT-1244 were and are still being compromised. Victims are believed to be offensive actors—including pentesters and security researchers, as well as malicious threat actors— and had sensitive data such as SSH private keys and AWS access keys exfiltrated. We assess that MUT-1244 has overlap with a campaign tracked in previous research reported on the malicious npm package 0xengine/xmlrpc and the malicious GitHub repository hpc20235/yawpp.
#securitylabs.datadoghq.com#EN#2024#pentesters#script-kiddies#offensive#actors#MUT-1244#PoC#PoC-abuse#MUT-1224#credentials#steal
·securitylabs.datadoghq.com·
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | Datadog Security Labs
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which…
#krebsonsecurity#EN#2024#Cloud#Compromise#credentials#Cybercriminals#AI-powered#chat#services
·krebsonsecurity.com·
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Cryptographers’ Feedback on the EU Identity Wallet
Cryptographers’ Feedback on the EU Identity Wallet
A handful cryptographers were asked for feedback on the architecture of the European Identity Wallet (the Architecture Reference Framwork (ARF), currently at version 1.4.0). We seized the opportunity to write a short report to urge Europe to reconsider the design, and to base it on the use of anonymous (aka attribute-based) credentials. Anonymous credentials were designed specifically to achieve authentication and identification that are both secure and privacy-preserving. As a result, they fully meet the requirements put forth in the eiDAS 2.0 regulation. (The current design does not.) Moreover, they are by now a mature technology. In particular we recommend to use the BBS family of anonymous credentials, which are efficient and mathematically proven secure.
#blog.xot.nl#EB#eid#EU#Identity#Wallet#Anonymous#credentials#architecture
·blog.xot.nl·
Cryptographers’ Feedback on the EU Identity Wallet
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of network operators’ credentials found circulating in Dark Web
Following a recent and highly disruptive cyberattack on telecom carrier Orange España the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
#resecurity#EN#2024#network#operators#credentials#darkweb#RIPE#BGP
·resecurity.com·
Hundreds of network operators’ credentials found circulating in Dark Web
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.
#netskope#EN#2023#analysis#Python#NodeStealer#Facebook#Credentials#Login
·netskope.com·
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins and carry out actions as someone else, etc. In addition, many users are unaware of the potential dangers associated with their browser’s credential autofill feature. This attack vector is not new, but it is unknown to many people and as we investigated further we found that the dangers were extensive. In this post, the GoSecure Titan Labs team will demonstrate that using a browser password manager with autofill could expose your credentials in a web application vulnerable to XSS.
#gosecure#EN#2022#browsers#XSS#password-autofill#credentials
·gosecure.net·
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins and carry out actions as someone else, etc. In addition, many users are unaware of the potential dangers associated with their browser’s credential autofill feature. This attack vector is not new, but it is unknown to many people and as we investigated further we found that the dangers were extensive. In this post, the GoSecure Titan Labs team will demonstrate that using a browser password manager with autofill could expose your credentials in a web application vulnerable to XSS.
#gosecure#EN#2022#browsers#XSS#password-autofill#credentials
·gosecure.net·
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)