Found 10 bookmarks
Custom sorting
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers. 12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.
#beyondtrust#EN#2024#SaaS#Investigation#incident#API-key#root-cause
·beyondtrust.com·
BeyondTrust Remote Support SaaS Service Security Investigation
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
#novayagazeta#EN#2024#investigation#Data-Leak#Russia#pro-democracy#cyberattack
·novayagazeta.eu·
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
FIN7: The Truth Doesn't Need to be so STARK
FIN7: The Truth Doesn't Need to be so STARK
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
#team-cymru#EN#2024#FIN7#Stark-Industries-Solutions#STARK#PostLtd#SmartApe#investigation
·team-cymru.com·
FIN7: The Truth Doesn't Need to be so STARK
stardom dreams, stalking devices and the secret conglomerate selling both
stardom dreams, stalking devices and the secret conglomerate selling both
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously. at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us. half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here? starting our descent
#maia.crimew.gay#EN#2024#Tracki#shady#business#investigation#stalkerware#security#analysis#sqli#leak#exploit#nyancrimew#maia-arson-crimew#switzerland#hacktivism#developer
·maia.crimew.gay·
stardom dreams, stalking devices and the secret conglomerate selling both
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
  • In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset
#thedfirreport#EN#2024#Toolkit#investigation#open-directory#PoshC2#Batch-Scripts
·thedfirreport.com·
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts