UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data
ICAO says the incident was allegedly linked to a hacker 'known for targeting international organizations'
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers. 12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.
On These Apps, the Dark Promise of Mothers Sexually Abusing Children
Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices
Swiss identified in Austrian bomb threat investigation
Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
FIN7: The Truth Doesn't Need to be so STARK
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
stardom dreams, stalking devices and the secret conglomerate selling both
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously. at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us. half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here? starting our descent
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
- In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server:
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
1Password Detects Suspicious Activity Following Okta Support Breach
1password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.
Inside the subsea cable firm secretly helping American take on China
SubCom is laying deepwater internet cables to boost U.S. economic and military might, including a secret mission to a remote island naval base, Reuters found.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Summary of the Investigation Related to CVE-2023-0669
We’d like to provide an update on our investigation into the suspicious activity detected in our Fortra GoAnywhere MFT solution. Working with Unit 42, we have completed our investigation and have compiled a factual summary of the investigation, as well as continuous improvement actions Fortra is taking to further strengthen our systems and recommended actions customers can take to secure their data and improve their security posture using available features in the GoAnywhere MFT solution.
Meet the FSB contractor: 0Day Technologies
An investigation into the FSB’s digital surveillance and disinformation contractor
Investigating Intrusions From Intriguing Exploits
On 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic - a combination of certutil using the urlcache flag to retrieve a remote resource and follow-on scheduled task creation - but further analysis revealed a more interesting set of circumstances. By investigating the event in question and pursuing root cause analysis (RCA), Huntress was able to link this intrusion to a recently-announced vulnerability as well as to a long-running post-exploitation framework linked to prominent ransomware groups.
Uber Investigating Breach of Its Computer Systems
The company said on Thursday that it was looking into the scope of the apparent hack.
Charming Kitten: “Can We Have A Meeting?”
Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.
Microsoft investigates Iranian attacks against the Albanian government
Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
Revealing Europe's NSO
An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther
Investigation report about the abuse of the Mac Appstore | by Privacy1St
This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…