Found 19 bookmarks
Custom sorting
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.
Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684 Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices:
#doublepulsar#EN#2025#2022#cve-2022-40684#Fortigate#dump
·doublepulsar.com·
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.
Snowflake at centre of world’s largest data breach
Snowflake at centre of world’s largest data breach
Cloud AI Data platform Snowflake are having a bad month. Due to teenager threat actors and cybersecurity of its own customers… and its own cybersecurity, too, in terms of optics. There are several large data breaches playing out in the media currently. For example, Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers.
#doublepulsar#EN#204#Snowflake#Data-Breach#analysis#KevinBeaumont
·doublepulsar.com·
Snowflake at centre of world’s largest data breach
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…
#doublepulsar#EN#Microsoft#Copilot+#PC#Windows#Recall#Stealing#disaster#KevinBeaumont
·doublepulsar.com·
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
The ticking time bomb of Microsoft Exchange Server 2013
The ticking time bomb of Microsoft Exchange Server 2013
I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong. Basically, I’m a giant big dork with too much free time. I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.
#doublepulsar#EN#2023#analysis#ransomware#Microsoft-Exchange#Exchange-Server2013#risk
·medium.com·
The ticking time bomb of Microsoft Exchange Server 2013
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar
Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp…
#doublepulsar#EN#2023#CitrixBleed#analysis
·doublepulsar.com·
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar
LockBit ransomware group assemble strike team to breach banks, law firms and governments.
LockBit ransomware group assemble strike team to breach banks, law firms and governments.
Recently, I’ve been tracking LockBit ransomware group as they’ve been breaching large enterprises: I thought it would be good to break down what is happening and how they’re doing it, since LockBit are breaching some of the world’s largest organisations — many of whom have incredibly large security budgets. Through data allowing the tracking of ransomware operators, it has been possible to track individual targets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed. Prior reading:
#doublepulsar#EN#2023#LockBit#ransomware#CitrixBleed
·doublepulsar.com·
LockBit ransomware group assemble strike team to breach banks, law firms and governments.
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented.
#doublepulsar#EN#2023#UK#Electoral#Commission#ProxyNotShell
·doublepulsar.com·
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability