Found 3149 bookmarks
Custom sorting
BumbleBee Zeros in on Meterpreter
BumbleBee Zeros in on Meterpreter
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. We have previously reported on two BumbleBee intrusions (1, 2), and this report is a continuation of a series of reports uncovering multiple TTPs seen by BumbleBee post exploitation operators. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.
#thedfirreport#EN#2022#bumblebee#case#analysis
·thedfirreport.com·
BumbleBee Zeros in on Meterpreter
LockBit ransomware suspect nabbed in Canada, faces charges in the US
LockBit ransomware suspect nabbed in Canada, faces charges in the US
Automation features make LockBit one of the more destructive pieces of ransomware. Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit. Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.
#arstechnica#EN#2022#LockBit#Canada#member#arrest
·arstechnica.com·
LockBit ransomware suspect nabbed in Canada, faces charges in the US
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
  • The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. * IPFS is often used for legitimate
#talosintelligence#EN#2022#IPFS#Phishing#Malware#Campaigns
·blog.talosintelligence.com·
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
Abusing windows’ tokens to compromise active directory without touching lsass
Abusing windows’ tokens to compromise active directory without touching lsass
During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY\SYSTEM account of the Windows server. Looking at the users connected on the same server, I knew that a domain administrator account was connected. All I had to do to compromise the domain, was compromise the account. This could be achieved by dumping the memory of the LSASS process and collecting their credentials or Kerberos TGT’s. Seemed easy until I realised an EDR was installed on the system. Long story short, I ended up compromising the domain admin account without touching the LSASS process. To do so, I relied on an internal Windows mechanism called token manipulation. The goal of this blog post is to present how I did it. We will see what access tokens are, what they are used for, how we can manipulate them to usurp legitimate accounts without touching LSASS and finally I will present a tool and a CrackMapExec module that can be used during such assessments. All the source code, binaries and CrackMapExec module can be found here https://github.com/sensepost/impersonate.
#sensepost#EN#2022#orange#LSASS#CrackMapExec#redteam#impersonate#tokens#abusing#Windows
·sensepost.com·
Abusing windows’ tokens to compromise active directory without touching lsass
The Case of Cloud9 Chrome Botnet
The Case of Cloud9 Chrome Botnet
The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.
#zimperium#EN#2022#browser#extension#Cloud9#malicious#stealer#malware#Analysis
·zimperium.com·
The Case of Cloud9 Chrome Botnet
A cyberattack blocked the trains in Denmark
A cyberattack blocked the trains in Denmark
At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused training the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]
#securityaffairs#EN#2022#Denmark#cyberattack#trains#DSB
·securityaffairs.co·
A cyberattack blocked the trains in Denmark
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.
#microsoft#EN#2022#report#authoritarian#leaders#defense
·blogs.microsoft.com·
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace. Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.
#cyberscoop#EN#2022#financial#NotPetya#lawsuit#insurance#Zurich#ransomware
·cyberscoop.com·
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
Inside the global hack-for-hire industry
Inside the global hack-for-hire industry
In a quiet alcove of the opulent Leela Palace hotel in Delhi, two British corporate investigators were listening intently to a young Indian entrepreneur as he made a series of extraordinary confessions. The 28-year-old computer specialist Tej Singh Rathore described his role as a player in a burgeoning criminal industry stealing secrets from people around the world. He had hacked more than 500 email accounts, mostly on behalf of his corporate intelligence clients.
#thebureauinvestigates#EN#2022#intelligence#hack-for-hire#India
·thebureauinvestigates.com·
Inside the global hack-for-hire industry
Department for Education warned after gambling companies benefit from learning records database
Department for Education warned after gambling companies benefit from learning records database
The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children. An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.
#ICO#UK#EN#2022#education#PII#students#misuse#data#privacy#records#database#children
·ico.org.uk·
Department for Education warned after gambling companies benefit from learning records database
Crimson Kingsnake: BEC Group Impersonates…
Crimson Kingsnake: BEC Group Impersonates…
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
#abnormalsecurity#EN#2022#BEC#invoices#Crimson-Kingsnake#impersonation#scam
·abnormalsecurity.com·
Crimson Kingsnake: BEC Group Impersonates…
Exploiting Static Site Generators: When Static Is Not Actually Static
Exploiting Static Site Generators: When Static Is Not Actually Static
Over the last ten years, we have seen the industrialization of the content management space. A decade ago, it felt like every individual and business had a dynamic WordPress blog, loaded up with a hundred plugins to do everything from add widgets to improve performance. Over time, we realised this was a bad idea, as ensuring the security of third-party plugins seemed increasingly impossible.
#assetnote#EN#2022#Static#hosting#comromise#Netlify
·blog.assetnote.io·
Exploiting Static Site Generators: When Static Is Not Actually Static
Malware on the Google Play store leads to harmful phishing sites
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
#malwarebytes#Mobile-apps-Group#EN#2022#HiddenAds#malware#Trojan#app#google-play
·malwarebytes.com·
Malware on the Google Play store leads to harmful phishing sites