Found 39 bookmarks
Custom sorting
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.” This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account. Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.
#@harsh8v#EN#2024#medium#AWS#Ransomware#KMS#keys
·medium.com·
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024) I’m a big fan of trains, i like them, but never tough that someday i would take over train traction power substation located in Poland from my home in Costa Rica. I’m not a train expert/engineer and i had no idea how the train management works , I’m a cyber security professional doing research in the internet about OT Industrial equipment exposed potentially vulnerable or misconfigured. Everything explained here is just what i learned reading official documentation from the Elester-pkp website . https://elester-pkp.com.pl/
#bertinjoseb#medium#EN#2024#iot#Critical-infrastructure#Train#Poland#iot-safari#power-substation#lighting-systems
·medium.com·
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
Advanced Cyber Threats Impact Even the Most Prepared
Advanced Cyber Threats Impact Even the Most Prepared
Foreign nation-state cyber adversaries are tenacious. Their attacks are evolving to get around the industry’s most sophisticated defenses. Last year was exploitation of routers, and this year’s theme has been compromise of edge protection devices. MITRE, a company that strives to maintain the highest cybersecurity possible, is not immune. Despite our commitment to safeguarding our digital assets, we’ve experienced a breach that underscores the nature of modern threats. In this blog post, we provide an initial account of the incident, outlining the tactics, techniques, and procedures (TTPs) employed by the adversaries, as well as some of our ongoing incident response efforts and recommendations for future steps to fortify your defenses.
#medium#EN#2024#MITRE#cyberincident#Ivanti#TTPs
·medium.com·
Advanced Cyber Threats Impact Even the Most Prepared
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)
#callyso0414#YUCA#medium#EN#2023#ransomware#logs#log#chats#Stylometric#Analysis
·medium.com·
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
The Majority of PostgreSQL Servers on the Internet are Insecure
The Majority of PostgreSQL Servers on the Internet are Insecure
At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.
#innerjoin.bit.io#EN#2022#PostgreSQL#research#Insecure#internet#medium
·innerjoin.bit.io·
The Majority of PostgreSQL Servers on the Internet are Insecure
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.
#asecuritysite#bug#samsung#galaxy#EN#2022#CVE-2021-25444#medium#CVE-2021–25490
·medium.com·
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
The Majority of PostgreSQL Servers on the Internet are Insecure
The Majority of PostgreSQL Servers on the Internet are Insecure
At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.
#innerjoin.bit.io#EN#2022#PostgreSQL#research#Insecure#internet#medium
·innerjoin.bit.io·
The Majority of PostgreSQL Servers on the Internet are Insecure