Found 5 bookmarks
Custom sorting
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.” This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account. Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.
#@harsh8v#EN#2024#medium#AWS#Ransomware#KMS#keys
·medium.com·
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024) I’m a big fan of trains, i like them, but never tough that someday i would take over train traction power substation located in Poland from my home in Costa Rica. I’m not a train expert/engineer and i had no idea how the train management works , I’m a cyber security professional doing research in the internet about OT Industrial equipment exposed potentially vulnerable or misconfigured. Everything explained here is just what i learned reading official documentation from the Elester-pkp website . https://elester-pkp.com.pl/
#bertinjoseb#medium#EN#2024#iot#Critical-infrastructure#Train#Poland#iot-safari#power-substation#lighting-systems
·medium.com·
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
Advanced Cyber Threats Impact Even the Most Prepared
Advanced Cyber Threats Impact Even the Most Prepared
Foreign nation-state cyber adversaries are tenacious. Their attacks are evolving to get around the industry’s most sophisticated defenses. Last year was exploitation of routers, and this year’s theme has been compromise of edge protection devices. MITRE, a company that strives to maintain the highest cybersecurity possible, is not immune. Despite our commitment to safeguarding our digital assets, we’ve experienced a breach that underscores the nature of modern threats. In this blog post, we provide an initial account of the incident, outlining the tactics, techniques, and procedures (TTPs) employed by the adversaries, as well as some of our ongoing incident response efforts and recommendations for future steps to fortify your defenses.
#medium#EN#2024#MITRE#cyberincident#Ivanti#TTPs
·medium.com·
Advanced Cyber Threats Impact Even the Most Prepared